7 Replies Latest reply on Jun 1, 2016 5:33 PM by Bill Robinson

    Critical Vulnerability has been detected on Windows Server: 90999 - BMC Server Automation RSCD Agent Weak ACL XML-RPC Arbitrary Command Execution

    Anushansa Gupta

      Hi all,

       

      A critical vulnerability has been detected on the Windows server, with the details below. Please help with how to remove it from the server and which restrictive access controls need to be applied.

       

      Synopsis

      The BMC Server Automation RSCD agent running on the remote host is affected by a remote command execution vulnerability.

      Description

      The RSCD agent running on the remote host does not have access controls in place to prevent an attacker from executing XML-RPC commands. An unauthenticated, remote attacker can exploit this to execute arbitrary commands.

      See Also

      http://www.bmc.com/it-solutions/bladelogic-server-automation.html
      https://docs.bmc.com/docs/display/bsa88/Home

      Solution

      Apply more restrictive access controls to the export file.

      Risk Factor

      Critical

      CVSS Base Score

      10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

      Plugin Information:

      Publication date: 2016/05/10, Modification date: 2016/05/10

      Ports

      tcp/4750


      Nessus was able to execute the command "RemoteServer.getHostOverview" using the
      following request :

      https://172.24.47.125:4750/xmlrpc


      This produced the following truncated output (limited to 10 lines) :
      ------------------------------ snip ------------------------------
      <?xml version="1.0"?>
      <methodResponse><params><param>
      <value><struct><member><name>agentEnvironment</name><value><array><data><value>SYSTEMROOT=C:\Windows</value><value>WINDIR=C:\Windows</value></data></array></value></member><member><name>agentInstallDir</name><value>/C/Program Files/BMC Software/BladeLogic/RSCD/</value></member><member><name>licensed</name><value><i4>1</i4></value></member><member><name>machine</name><value>x86_64</value></member><member><name>majorVersion</name><value>8</value></member><member><name>minorVersion</name><value>6</value></member><member><name>nodename</name><value>TDRCRMNONPRDWIN</value></member><member><name>patchVersion</name><value>01</value></member><member><name>platformVersion</name><value>66</value></member><member><name>processor</name><value>x86_64</value></member><member><name>release</name><value>6.3</value></member><member><name>repeater</name><value><i4>0</i4></value></member><member><name>subnetMask</name><value>255.255.0.0</value></member><member><name>sysname</name><value>WindowsNT</value></member><member><name>version</name><value>9200</value></member></struct></value>
      </param></params></methodResponse>

      ------------------------------ snip ------------------------------
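When many hosts report this finding, the plugin output quoted above can be parsed into an inventory record (host, port, node name, agent version, install path) to track which RSCD agents still need their exports-file access controls tightened. This is an added example, not part of the original post and not BMC or Nessus code; `summarize_finding` and the trimmed `SAMPLE` text are constructed for illustration.

```python
import re
import xmlrpc.client

# Constructed sample: a trimmed copy of the plugin output quoted in the post.
SAMPLE = r"""Nessus was able to execute the command "RemoteServer.getHostOverview" using the
following request :

https://172.24.47.125:4750/xmlrpc

------------------------------ snip ------------------------------
<?xml version="1.0"?>
<methodResponse><params><param>
<value><struct><member><name>agentInstallDir</name><value>/C/Program Files/BMC Software/BladeLogic/RSCD/</value></member><member><name>licensed</name><value><i4>1</i4></value></member><member><name>majorVersion</name><value>8</value></member><member><name>minorVersion</name><value>6</value></member><member><name>nodename</name><value>TDRCRMNONPRDWIN</value></member><member><name>patchVersion</name><value>01</value></member><member><name>sysname</name><value>WindowsNT</value></member></struct></value>
</param></params></methodResponse>

------------------------------ snip ------------------------------
"""

SNIP = re.compile(r"-{5,} snip -{5,}\s*\n(.*?)\n\s*-{5,} snip -{5,}", re.S)
ENDPOINT = re.compile(r"https?://([^\s/:]+):(\d+)/xmlrpc")


def summarize_finding(plugin_output):
    """Return an inventory record for one finding, or None if it has no payload."""
    body = SNIP.search(plugin_output)
    if body is None:
        return None
    xml = body.group(1).strip()
    # The captured response originates from the scanned host: refuse DTDs so
    # entity-expansion tricks never reach the XML parser.
    if "<!DOCTYPE" in xml or "<!ENTITY" in xml:
        raise ValueError("DTD/entity declaration in captured response")
    (overview,), _method = xmlrpc.client.loads(xml)
    endpoint = ENDPOINT.search(plugin_output)
    version = ".".join(str(overview.get(k, "?")) for k in
                       ("majorVersion", "minorVersion", "patchVersion"))
    return {
        "host": endpoint.group(1) if endpoint else None,
        "port": int(endpoint.group(2)) if endpoint else None,
        "nodename": overview.get("nodename"),
        "agent_version": version,
        "platform": overview.get("sysname"),
        "install_dir": overview.get("agentInstallDir"),
    }
```

If the scanner truncated the response mid-document, `xmlrpc.client.loads` raises `xml.parsers.expat.ExpatError`; treat that host as "version unknown" rather than dropping it from the list.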