BMC Server Automation RSCD Agent ACL Bypass
Critical Nessus Plugin ID 90998
SynopsisThe BMC Server Automation RSCD agent running on the remote host is affected by a security bypass vulnerability.
DescriptionThe remote BMC BladeLogic Server Automation (BSA) RSCD agent is affected by a security bypass vulnerability due to a failure to properly enforce the ACL. An unauthenticated, remote attacker can exploit this, by ignoring the response to the RemoteServer.info request, to bypass the ACL and execute XML-RPC commands.
MITRE has assigned three different CVE identifiers to this vulnerability. CVE-2016-1542 and CVE-2016-1543 pertain to a variation where the exports file is bypassed, and CVE-2016-5063 concerns a variation where the users file is bypassed.
Note that CVE-2016-1542 and CVE-2016-1543 affect the Linux and Unix variants of RSCD, and CVE-2016-5063 affects the Windows variant.
SolutionThe fix for the CVE-2016-1542 and CVE-2016-1543 issues is accomplished by using a BMC Server Automation Compliance Template. Alternatively, these issues can be mitigated by configuring a host-based firewall on the affected system to only accept connections from the BSA infrastructure systems. See the vendor advisory for more details.
The fix for the CVE-2016-5063 issue is accomplished by updating the RSCD agent on the affected systems to version 8.7 P3 or 8.8, whichever version is qualified to work with your Application Server.
Alternatively, it can be mitigated by configuring the exports file on the affected system to only accept connections from the BSA infrastructure systems. See the vendor advisory for more details.