Critical vulnerabilities in the monitoring system Centreon

Posted: October 18, 2014 in Vulnerabilities


SQL Injection / Command Injection in Centreon and Centreon Enterprise Server

Critical vulnerabilities have been identified in all versions of the free system-monitoring software Centreon released since 2008 (Centreon <= 2.5.2 and Centreon Enterprise Server <= 2.2 | 3.0). These vulnerabilities can be exploited by anonymous users without authentication. An update with security fixes has not yet been released.

Danger level: High
Availability of corrections: No
Quantity of vulnerabilities: 2

CVSSv2 Rating:
1. (AV:N / AC:M / Au:N / C:P / I:P / A:N / E:U / RL:W / RC:C) = Base: 5.8 / Temporal: 4.7
2. (AV:N / AC:M / Au:N / C:P / I:P / A:N / E:U / RL:W / RC:C) = Base: 5.8 / Temporal: 4.7

CVE ID:
1. CVE-2014-3828
2. CVE-2014-3829

Attack vector: Remote
Impact: SQL injections, remote command injection

Affected Products: Centreon <= 2.5.2, Centreon Enterprise Server <= 2.2, Centreon Enterprise Server 3.0

Description:

1. CVE-2014-3828 – SQL injection. The problem is exploited by sending a POST request to publicly accessible scripts with parameter values such as “mnftr_id=1 or 1=1 union all select version(), 2 -- /**” or “index=2' or 1=1 -- /**”.

2. CVE-2014-3829 – allows executing commands on the remote server. Exploitation requires that, after the attack, at least one authenticated user opens the web interface. The attack consists of sending specially crafted requests to the script displayServiceStatus.php, which causes data to be stored in the database that is later passed as a command-line argument without escaping of special characters (a value such as “; ls” can be supplied).
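Both issues above are instances of untrusted input reaching an interpreter unescaped: a request parameter concatenated into a SQL statement, and a stored value concatenated into a shell command line. The following Python snippet is an added illustration of those two defect classes and their fixes; it is not Centreon code and does not reproduce Centreon's schema or scripts. The `manufacturer` table, its rows, and the `check_status` command name are constructed for the demonstration. Shell tokenisation is done with `shlex` so nothing is executed.

```python
import shlex
import sqlite3


def make_db():
    # Constructed sample table standing in for the kind of lookup the
    # advisory describes (the real Centreon schema is not shown there).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE manufacturer (mnftr_id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO manufacturer VALUES (?, ?)",
        [(1, "vendor-a"), (2, "vendor-b"), (3, "vendor-c")],
    )
    return conn


def lookup_unsafe(conn, mnftr_id):
    # Defect class of CVE-2014-3828: the request parameter is concatenated
    # straight into the statement, so "1 or 1=1" turns a single-row lookup
    # into a dump of the whole table.
    sql = "SELECT mnftr_id, name FROM manufacturer WHERE mnftr_id = " + mnftr_id
    return conn.execute(sql).fetchall()


def valid_id(value):
    # An identifier is a non-empty string of decimal digits; anything else is
    # rejected before it gets near the database.
    return value.isdigit()


def lookup_safe(conn, mnftr_id):
    # Validate the type first, then bind with a placeholder; the value is
    # passed to the engine as data and can never be parsed as SQL.
    if not valid_id(mnftr_id):
        raise ValueError("mnftr_id must be a decimal integer")
    return conn.execute(
        "SELECT mnftr_id, name FROM manufacturer WHERE mnftr_id = ?",
        (int(mnftr_id),),
    ).fetchall()


def shell_tokens(command_line):
    # Tokenise as a POSIX shell would (';' becomes its own token) so we can
    # inspect what the shell would run without executing anything.
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    return list(lexer)


def build_check_unsafe(hostname):
    # Defect class of CVE-2014-3829: a stored value is interpolated into a
    # shell command line verbatim, so "host; ls" becomes two commands.
    return "check_status " + hostname


def build_check_safe(hostname):
    # Quote the argument so the shell sees exactly one word. Stricter still
    # is to validate stored hostnames against an allow-list before use.
    return "check_status " + shlex.quote(hostname)


if __name__ == "__main__":
    db = make_db()
    print("unsafe lookup:", lookup_unsafe(db, "1 or 1=1"))   # every row
    print("safe lookup:  ", lookup_safe(db, "2"))           # one row
    print("unsafe shell: ", shell_tokens(build_check_unsafe("host; ls")))
    print("safe shell:   ", shell_tokens(build_check_safe("host; ls")))
```

The unsafe lookup returns all three rows for the `1 or 1=1` value, while the safe version rejects it outright; the unsafe command line tokenises to `check_status host ; ls` (two commands), while the quoted one yields a single argument `host; ls`.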

Solution:

– Delete displayServiceStatus.php
– Wait for patches

Links:
http://seclists.org/fulldisclosure/2014/Oct/78

http://packetstormsecurity.com/files/128740/Centreon-SQL-Injection-Command-Injection.html


Manufacturer URL:
http://www.centreon.com/
