NetIQ Sentinel Java Object Deserialization RCE
Critical Nessus Plugin ID 96485
Synopsis
The remote NetIQ Sentinel server is affected by a remote code execution vulnerability.
Description
The remote Novell NetIQ Sentinel server is affected by a remote code execution vulnerability because it deserializes untrusted Java objects without restriction, and the BeanShell library on its classpath supplies classes that can be abused as a deserialization gadget chain. An unauthenticated, remote attacker who can reach the RMI interface can exploit this by sending a specially crafted serialized Java object, which executes arbitrary code with the privileges of the Sentinel application. No credentials are needed; network access to the RMI port is sufficient.
Solution
Follow the resolution guideline given in the NetIQ Sentinel advisory, as follows:
Add to /etc/opt/novell/sentinel/config/deserialization-blacklist.conf the following line:
Then restart the sentinel service so the updated blacklist is loaded, and re-run this plugin to confirm the RMI interface no longer accepts the crafted object.
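The fix above works because a class-name deny-list is consulted before any object in an incoming stream is instantiated. The following Python is an added illustration of that mechanism, not NetIQ's code: it extracts the class and proxy-interface names a Java serialization stream declares and rejects the stream when one of them matches a deny-list. The deny-list prefixes and the two sample streams are constructed for the example (descriptor skeletons only, not working payloads) and are not the line the advisory asks you to add; bsh.XThis$Handler is BeanShell's InvocationHandler class, used here to give the sample stream the shape of a proxy-based gadget.

```python
"""Added example: how a deserialization class deny-list is applied.

A Java serialization stream names every class it wants instantiated in plain
text (TC_CLASSDESC / TC_PROXYCLASSDESC records), so a filter can reject a
payload before any readObject() or constructor on the target runs.  This is
not NetIQ's code; the deny-list entries and the sample streams below are
constructed for the example and are not the advisory's configuration line.
"""
import re
import struct

STREAM_HEADER = b"\xac\xed\x00\x05"   # STREAM_MAGIC + STREAM_VERSION
TC_NULL, TC_CLASSDESC, TC_OBJECT = 0x70, 0x72, 0x73
TC_ENDBLOCKDATA, TC_PROXYCLASSDESC = 0x78, 0x7D

# Constructed deny-list (illustrative assumption, not the advisory's entry).
DENY_PREFIXES = ("bsh.", "org.apache.commons.collections.functors.")

# Binary class names: dotted identifiers, object arrays "[Lpkg.Cls;", primitive arrays "[B".
_IDENT = rb"[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*"
_CLASS_NAME = re.compile(rb"^(?:" + _IDENT + rb"|\[+L" + _IDENT + rb";|\[+[BCDFIJSZ])$")


def read_utf(buf, pos):
    """Read a Java UTF string (2-byte big-endian length, then bytes)."""
    if pos + 2 > len(buf):
        return None, pos
    (n,) = struct.unpack_from(">H", buf, pos)
    end = pos + 2 + n
    if end > len(buf):
        return None, pos
    return buf[pos + 2:end], end


def class_names(stream):
    """Return the class and proxy-interface names a stream declares.

    Heuristic scan rather than a full deserializer: it looks for the
    descriptor tags and accepts them only when a well-formed class name
    follows.  Proxy descriptors matter because gadget chains deliver their
    InvocationHandler (for BeanShell, bsh.XThis$Handler) behind a
    java.lang.reflect.Proxy, so the dangerous class sits after the proxy.
    """
    if not stream.startswith(STREAM_HEADER):
        raise ValueError("not a Java serialization stream")
    names, pos = [], len(STREAM_HEADER)
    while pos < len(stream):
        tag = stream[pos]
        if tag == TC_CLASSDESC:
            name, end = read_utf(stream, pos + 1)
            if name and _CLASS_NAME.match(name):
                names.append(name.decode())
                pos = end          # skip the name so its bytes are not rescanned
                continue
        elif tag == TC_PROXYCLASSDESC and pos + 5 <= len(stream):
            (count,) = struct.unpack_from(">I", stream, pos + 1)
            cur, found = pos + 5, []
            for _ in range(count if 0 < count <= 64 else 0):
                name, cur = read_utf(stream, cur)
                if not (name and _CLASS_NAME.match(name)):
                    found = []
                    break
                found.append(name.decode())
            if found:
                names.extend(found)
                pos = cur
                continue
        pos += 1
    return names


def denied(stream, deny_prefixes=DENY_PREFIXES):
    """First declared class matching the deny-list, or None if the stream passes."""
    for name in class_names(stream):
        if name.startswith(deny_prefixes):
            return name
    return None


# --- constructed sample streams (descriptor skeletons only, no field data) ---
def _utf(s):
    return struct.pack(">H", len(s)) + s.encode()

def _class_desc(name):
    # TC_CLASSDESC className serialVersionUID(8) flags(1) fieldCount(2) annotation superclass
    return (bytes([TC_CLASSDESC]) + _utf(name) + b"\0" * 8 + b"\x02"
            + b"\x00\x00" + bytes([TC_ENDBLOCKDATA, TC_NULL]))

def _proxy_desc(*interfaces):
    # TC_PROXYCLASSDESC interfaceCount(4) interfaceNames annotation superclass
    return (bytes([TC_PROXYCLASSDESC]) + struct.pack(">I", len(interfaces))
            + b"".join(_utf(i) for i in interfaces)
            + bytes([TC_ENDBLOCKDATA, TC_NULL]))

# Shape of a proxy-based gadget: a queue whose comparator is a Proxy backed by
# BeanShell's InvocationHandler.  Constructed; not a working exploit payload.
BEANSHELL_SHAPED = (STREAM_HEADER + bytes([TC_OBJECT])
                    + _class_desc("java.util.PriorityQueue")
                    + bytes([TC_OBJECT]) + _proxy_desc("java.util.Comparator")
                    + bytes([TC_OBJECT]) + _class_desc("bsh.XThis$Handler"))

BENIGN = STREAM_HEADER + bytes([TC_OBJECT]) + _class_desc("java.util.HashMap")

if __name__ == "__main__":
    for label, s in (("benign", BENIGN), ("beanshell-shaped", BEANSHELL_SHAPED)):
        print(label, class_names(s), "->", denied(s) or "allowed")
```

The scan is deliberately a triage tool, not a deserializer: it never instantiates anything, so it is safe to run on captured RMI traffic. Its limitation is the same one a prefix deny-list has in production: it only stops classes whose names you already know, so after applying the advisory's entry it is worth confirming with the plugin rather than trusting the configuration file alone.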