IBM Open Admin Tool SOAP welcomeServer PHP Command Injection

Added: 09/27/2017
CVE: CVE-2017-1092
BID: 98615

Background

IBM Informix Dynamic Server (IDS) is an online transaction processing (OLTP) data server for enterprise and workgroup computing. Open Admin Tool (OAT) is an open source, platform-independent tool providing a graphical interface for administrative tasks and performance analysis for IDS.

Problem

The welcomeServer SOAP service does not properly validate user input in the new_home_page parameter of the saveHomePage method. This allows arbitrary code to be written to the config.php file which is accessible directly from the Open Admin web root. If successfully exploited, an unauthenticated user could execute arbitrary code as system admin on Windows servers and as an unprivileged user on *nix servers.

Resolution

Apply the appropriate patches referenced in IBM Security Bulletin: Vulnerabilities in Informix Dynamic Server and Informix Open Admin Tool.

References

http://www-01.ibm.com/support/docview.wss?uid=swg22002897
https://www.exploit-db.com/exploits/42541/

Limitations

Exploit works on IBM Open Admin Tool 3.14 on Informix 12.1 Developer Edition (SUSE Linux 11) virtual appliance.

The Open Admin welcome message in config.php needs to be restored if exploit was successful.
Back to exploit index