In association with heise online

24 September 2007, 12:26

Hole in OmniPCX Enterprise communications software

Security service provider RedTeam Pentesting has found a hole in Alcatel-Lucent's OmniPCX Enterprise telecommunications solution. The CGI script of the Unified Maintenance Tool, which the Web server uses for maintenance, allows arbitrary shell commands to be executed. The cause is improper filtering of user-supplied variables: additional parameters separated by semicolons are passed through the script to the shell, as in this request:

curl -k "https://www.example.com/cgi-bin/masterCGI?ping=nomip&user=;ls\${IFS}-l;"

All versions of OmniPCX Enterprise up to and including R 7.1 are affected. An update closes the hole. The vendor also recommends disabling the Web server, although some nice-to-have functions are then no longer available.
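
For administrators who want to check whether requests of this kind have reached their own system, the following is an added example and not code from RedTeam Pentesting, the vendor or the original article. It scans Web server access log lines for masterCGI requests whose parameters contain shell metacharacters, including percent-encoded and double-encoded forms. The Apache-style log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

CGI_PATH = "/cgi-bin/masterCGI"  # script path taken from the article's request
# Characters that let a value escape a single shell argument.
SHELL_META = re.compile(r"[;|&`$<>(){}\\\n\r]")
# Assumption: Apache common/combined log format, request line in double quotes.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo percent-encoding repeatedly so double-encoded input is also seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(name, decoded value)] for masterCGI parameters holding shell metacharacters."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    path, _, query = match.group(1).partition("?")
    if path != CGI_PATH:
        return []
    hits = []
    # Split on '&' only: a ';' must stay inside the value so it can be flagged.
    for pair in query.split("&"):
        name, _, raw = pair.partition("=")
        value = fully_decode(raw)
        if SHELL_META.search(value):
            hits.append((name, value))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Sep/2007:12:01:07 +0200] "GET /cgi-bin/masterCGI?ping=nomip&user=;ls${IFS}-l; HTTP/1.1" 200 512',
    '192.0.2.11 - - [24/Sep/2007:12:02:10 +0200] "GET /cgi-bin/masterCGI?ping=nomip&user=%3Bls%24%7BIFS%7D-l%3B HTTP/1.1" 200 512',
    '192.0.2.12 - - [24/Sep/2007:12:03:00 +0200] "GET /cgi-bin/masterCGI?ping=nomip&user=%253Bls%2524%257BIFS%257D-l%253B HTTP/1.1" 200 512',
    '192.0.2.13 - - [24/Sep/2007:12:04:00 +0200] "GET /cgi-bin/masterCGI?ping=nomip&user=operator1 HTTP/1.1" 200 40',
    '192.0.2.14 - - [24/Sep/2007:12:05:00 +0200] "GET /index.html?q=a;b HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for number, line in enumerate(SAMPLE_LOG, start=1):
        for name, value in suspicious_params(line):
            print(f"line {number}: parameter {name!r} carries shell metacharacters: {value!r}")
```

A hit only shows that such a request was logged; whether the system was affected depends on the installed release, since the update closes the hole.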

(mba)

Permalink: http://h-online.com/-733694