Detections
Analytics

BMC Server Automation RSCD Agent ACL Bypass

medium Nessus Plugin ID 90998

Language:

Synopsis

The BMC Server Automation RSCD agent running on the remote host is affected by a security bypass vulnerability.

Description

The remote BMC BladeLogic Server Automation (BSA) RSCD agent is affected by a security bypass vulnerability due to a failure to properly enforce the ACL. An unauthenticated, remote attacker can exploit this, by ignoring the response to the RemoteServer.info request, to bypass the ACL and execute XML-RPC commands.

MITRE has assigned three different CVE identifiers to this vulnerability. CVE-2016-1542 and CVE-2016-1543 pertain to a variation where the exports file is bypassed, and CVE-2016-5063 concerns a variation where the users file is bypassed.

Note that CVE-2016-1542 and CVE-2016-1543 affect the Linux and Unix variants of RSCD, and CVE-2016-5063 affects the Windows variant.

Solution

The fix for the CVE-2016-1542 and CVE-2016-1543 issues is accomplished by using a BMC Server Automation Compliance Template. Alternatively, these issues can be mitigated by configuring a host-based firewall on the affected system to only accept connections from the BSA infrastructure systems. See the vendor advisory for more details.

The fix for the CVE-2016-5063 issue is accomplished by updating the RSCD agent on the affected systems to version 8.7 P3 or 8.8, whichever version is qualified to work with your Application Server.
Alternatively, it can be mitigated by configuring the exports file on the affected system to only accept connections from the BSA infrastructure systems. See the vendor advisory for more details.

See Also

http://www.nessus.org/u?674c058b

http://www.nessus.org/u?668a5e7a

http://www.nessus.org/u?7e61055b

http://www.nessus.org/u?be481cfc

http://www.nessus.org/u?5d99b81e

Plugin Details

Severity: Medium

ID: 90998

File Name: bmc_rscd_acl_bypass.nasl

Version: 1.14

Type: remote

Family: Misc.

Published: 5/10/2016

Updated: 11/20/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.1

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2016-5063

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:bmc:bladelogic_server_automation_rscd_agent

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 2/26/2016

Vulnerability Publication Date: 3/2/2016

Exploitable With

Metasploit (BMC Server Automation RSCD Agent NSH Remote Command Execution)

Reference Information

CVE: CVE-2016-1542, CVE-2016-1543, CVE-2016-5063