Reverse shell connection to Admin Console possible with vulnerabilities on TCP 9000/9001

  • 7018159
  • 17-Oct-2016
  • 18-Oct-2016

Environment

NetIQ Access Manager 4.1
NetIQ Access Manager 4.2

Situation

Due to issues with Java Deserialization on TCP Ports 9000 and 9001 it is possible using a prepared service to execute remote code on the Admin Console.The CVE one could leverage to do this is described at
https://issues.apache.org/jira/browse/COLLECTIONS-583, and could theoretically be used to dump the contents of files on the Admin Console server without root access.

Resolution

Fixed in NAM 4.3. For earlier builds, use iptables to block all access to TCP 9000/9001 except for it's own IP address ie, the IP address of the Admin Console itself.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.