BMC Server Automation RSCD Agent ACL Bypass

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The BMC Server Automation RSCD agent running on the remote host is
affected by a security bypass vulnerability.

Description :

The remote BMC BladeLogic Server Automation (BSA) RSCD agent is
affected by a security bypass vulnerability due to a failure to
properly enforce the ACL. An unauthenticated, remote attacker can
exploit this by ignoring the response to the RemoteServer.info
request, thereby bypassing the ACL and executing XML-RPC commands.

MITRE has assigned three different CVE identifiers to this
vulnerability. CVE-2016-1542 and CVE-2016-1543 pertain to a variation
where the exports file is bypassed, and CVE-2016-5063 concerns a
variation where the users file is bypassed.

Note that CVE-2016-1542 and CVE-2016-1543 affect the Linux and Unix
variants of RSCD, and CVE-2016-5063 affects the Windows variant.

See also :

http://www.nessus.org/u?49d62b3b
http://www.nessus.org/u?22c5cb82
http://www.nessus.org/u?7e61055b
http://www.nessus.org/u?8412fa8e
http://www.nessus.org/u?5d99b81e

Solution :

The CVE-2016-1542 and CVE-2016-1543 issues are fixed by using a BMC
Server Automation Compliance Template. Alternatively,
these issues can be mitigated by configuring a host-based firewall on
the affected system to only accept connections from the BSA
infrastructure systems. See the vendor advisory for more details.

The CVE-2016-5063 issue is fixed by updating the
RSCD agent on the affected systems to version 8.7 P3 or 8.8, whichever
version is qualified to work with your Application Server.
Alternatively, it can be mitigated by configuring the exports file on
the affected system to only accept connections from the BSA
infrastructure systems. See the vendor advisory for more details.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 90998

CVE ID: CVE-2016-1542
CVE-2016-1543
CVE-2016-5063