Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:4462E95404B4A08EC0B5793734EC380B
HistorySep 27, 2017 - 12:00 a.m.

IBM Open Admin Tool SOAP welcomeServer PHP Command Injection

2017-09-2700:00:00
SAINT Corporation
download.saintcorporation.com
32

0.969 High

EPSS

Percentile

99.7%

JSON

Added: 09/27/2017
CVE: CVE-2017-1092
BID: 98615

Background

IBM Informix Dynamic Server (IDS) is an online transaction processing (OLTP) data server for enterprise and workgroup computing. Open Admin Tool (OAT) is an open source, platform-independent tool providing a graphical interface for administrative tasks and performance analysis for IDS.

Problem

The **welcomeServer** SOAP service does not properly validate user input in the **new_home_page** parameter of the **saveHomePage** method. This allows arbitrary code to be written to the **config.php** file which is accessible directly from the Open Admin web root. If successfully exploited, an unauthenticated user could execute arbitrary code as system admin on Windows servers and as an unprivileged user on *nix servers.

Resolution

Apply the appropriate patches referenced in IBM Security Bulletin: Vulnerabilities in Informix Dynamic Server and Informix Open Admin Tool.

References

<http://www-01.ibm.com/support/docview.wss?uid=swg22002897&gt;
<https://www.exploit-db.com/exploits/42541/&gt;

Limitations

Exploit works on IBM Open Admin Tool 3.14 on Informix 12.1 Developer Edition (SUSE Linux 11) virtual appliance.

The Open Admin welcome message in **config.php** needs to be restored if exploit was successful.

Related

checkpoint_advisories 1
saint 2
prion 1
zdt 2
cvelist 1
nessus 2
packetstorm 2
cve 1
ibm 1
exploitpack 1
seebug 1
exploitdb 1
checkpoint_advisories
checkpoint_advisories
IBM Informix Dynamic Server index.php testconn Heap Buffer Overflow (CVE-2017-1092)
2017-06-19 00:00:00
saint
saint
IBM Open Admin Tool SOAP welcomeServer PHP Command Injection
2017-09-27 00:00:00
IBM Open Admin Tool SOAP welcomeServer PHP Command Injection
2017-09-27 00:00:00
prion
prion
Design/Logic Flaw
2017-05-22 20:29:00
zdt
zdt
IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution Exploit
2017-08-22 00:00:00
IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Hea
2017-05-31 00:00:00
cvelist
cvelist
CVE-2017-1092
2017-05-22 20:00:00
nessus
nessus
IBM OpenAdmin Tool welcomeService.php Remote Code Execution
2017-10-23 00:00:00
IBM Informix Dynamic Server 11.50.xCn < 11.50.xC9 / 11.70.xCn < 11.70.xC9 / 12.10.xCn < 12.10.xC8W2 Multiple Vulnerabilities (SWEET32)
2017-05-24 00:00:00
packetstorm
packetstorm
IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution
2017-08-22 00:00:00
IBM Informix Dynamic Server DLL Injection / Code Execution
2017-05-31 00:00:00
cve
cve
CVE-2017-1092
2017-05-22 20:29:00
ibm
ibm
Security Bulletin: Vulnerabilities in Informix Dynamic Server and Informix Open Admin Tool
2018-06-16 13:47:59
exploitpack
exploitpack
IBM Informix Dynamic Server Informix Open Admin Tool - DLL Injection Remote Code Execution Heap Buffer Overflow
2017-05-30 00:00:00
seebug
seebug
IBM Informix Dynamic Server Open Admin Tool RCE (CVE-2017-1092)
2017-05-24 00:00:00
exploitdb
exploitdb
IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Heap Buffer Overflow
2017-05-30 00:00:00

0.969 High

EPSS

Percentile

99.7%

JSON
Related for SAINT:4462E95404B4A08EC0B5793734EC380B
checkpoint_advisories1saint2prion1zdt2cvelist1nessus2packetstorm2cve1ibm1exploitpack1seebug1exploitdb1