[FD] CVE-2014-5035 - Opendaylight Vulnerable to Local and Remote File Inclusion in the Netconf (TCP) Service
- To: Fulldisclosure <fulldisclosure@xxxxxxxxxxxx>, Bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>
- Subject: [FD] CVE-2014-5035 - Opendaylight Vulnerable to Local and Remote File Inclusion in the Netconf (TCP) Service
- From: Gregory Pickett <gpickett71@xxxxxxxxx>
- Date: Mon, 11 Aug 2014 18:34:39 -0700
Title
===================
Opendaylight Vulnerable to Local and Remote File Inclusion in the Netconf (TCP)
Service
Summary
===================
Opendaylight (www.opendaylight.com) is vulnerable to Local and Remote File
Inclusion in the Netconf (TCP) Service via an External Entity Injection (XXE).
Opendaylight’s netconf service, when receiving an XML-RPC message, will process
any external entities referenced in that message, local or remote, and will do
so using its own running credentials, which are root. So by injecting a
reference to a local file, you can extract any file you like from the running
system, including the shadow file, which can be leveraged by an attacker to
perform an offline password attack.
Affected Products
===================
Opendaylight 1.0 (Hydrogen) – Base, Virtualization, and Service Provider
Editions
CVE
===================
CVE-2014-5035
Details
===================
“To Be Released Later”
Impact
===================
Information Disclosure. Disclosure of hashed system credentials, which enables
mounting of offline password attacks. Eventual disclosure of clear-text system
credentials.
Credits
===================
Gregory Pickett (@shogun7273), Hellfire Security
----------
Gregory Pickett, CISSP, GCIA, GPEN
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/