CERT-FI Advisory on IBM BladeCenter Advanced Management Module
| Target        | servers and server applications           |
| Access Vector | remote                                    |
| Impact        | breach of confidentiality; security bypass |
| Remediation   | fix provided by vendor; workaround         |
Details
Several Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerabilities have been found in the IBM BladeCenter Advanced Management Module. CERT-FI coordinated the remediation efforts for these vulnerabilities.
The CSRF vulnerabilities can be exploited by enticing a user to a specially crafted web page. The user must be logged on to the web frontend of the management module to be exposed to the vulnerability, since the browser attaches the existing session to the forged request. Additionally, the attacker must know the IP address of the management module in order to build the page. Successful exploitation enables the attacker to execute administrative commands on the management module with the rights of the logged-on user.
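The following is an added example illustrating the CSRF condition described above; it is not IBM's code and is not taken from the advisory. The management module is modelled as a tiny request handler with two variants: one that authorises a state-changing command on the session cookie alone (the condition the advisory describes), and one that additionally requires a POST, a same-origin Origin/Referer header and a session-bound anti-CSRF token. The module address, the CGI path, the command names and the "admin" account are assumptions.

```python
# Added example for this advisory: a model of the CSRF condition in a
# management-module web interface. Not IBM's code; the module address,
# paths, command names and the "admin" account are assumptions.
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

MODULE_ORIGIN = "https://192.0.2.10"   # assumed module address (TEST-NET-1 range)
ADMIN_COMMANDS = {"power_off_blade", "add_user", "reset_module"}  # assumed command set


@dataclass
class Request:
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def origin_of(url):
    """Reduce a URL (Origin or Referer header) to scheme://host[:port].
    Comparing the parsed origin, not a string prefix, stops
    https://192.0.2.10.attacker.example from passing as the module."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


class ManagementModule:
    def __init__(self):
        self.sessions = {}   # session cookie -> username
        self.audit = []      # (user, command) pairs actually executed
        self._secret = secrets.token_bytes(32)

    def login(self, username):
        sid = secrets.token_hex(16)
        self.sessions[sid] = username
        return sid

    def csrf_token(self, sid):
        # Token bound to the session; a page on another origin cannot read it.
        return hmac.new(self._secret, sid.encode(), hashlib.sha256).hexdigest()

    def _execute(self, user, cmd):
        if cmd not in ADMIN_COMMANDS:
            return 400
        self.audit.append((user, cmd))
        return 200

    def handle_vulnerable(self, req):
        """Authorises on the session cookie alone. The browser attaches that
        cookie to any request to the module, including one triggered from
        another site, so a forged request runs as the victim."""
        user = self.sessions.get(req.cookies.get("session"))
        if user is None:
            return 401
        return self._execute(user, req.form.get("cmd"))

    def handle_hardened(self, req):
        """State-changing commands: POST only, same-origin source, and a
        token the attacker's page cannot obtain."""
        sid = req.cookies.get("session")
        user = self.sessions.get(sid)
        if user is None:
            return 401
        if req.method != "POST":
            return 405
        src = req.headers.get("Origin") or req.headers.get("Referer")
        if src is None or origin_of(src) != MODULE_ORIGIN:
            return 403
        token = req.form.get("csrf_token", "")
        if not hmac.compare_digest(token, self.csrf_token(sid)):
            return 403
        return self._execute(user, req.form.get("cmd"))


def attacker_page(module_ip):
    """Constructed 'specially crafted' page: auto-submits a form to the module.
    The attacker must know the module's address to build it."""
    return (f'<form method="POST" action="https://{module_ip}/private/power.cgi">'
            '<input type="hidden" name="cmd" value="power_off_blade"></form>'
            '<script>document.forms[0].submit()</script>')


def request_from_attacker_page(sid):
    """What the victim's browser sends when it loads attacker_page(): the
    victim's own session cookie, but a foreign Origin and no token."""
    return Request("POST", "/private/power.cgi", cookies={"session": sid},
                   headers={"Origin": "https://attacker.example"},
                   form={"cmd": "power_off_blade"})


def demo():
    amm = ManagementModule()
    sid = amm.login("admin")          # victim is logged on to the web frontend
    forged = request_from_attacker_page(sid)
    vulnerable = amm.handle_vulnerable(forged)   # command runs as the victim
    hardened = amm.handle_hardened(forged)       # rejected: foreign origin, no token
    legitimate = Request("POST", "/private/power.cgi", cookies={"session": sid},
                         headers={"Origin": MODULE_ORIGIN},
                         form={"cmd": "power_off_blade",
                               "csrf_token": amm.csrf_token(sid)})
    accepted = amm.handle_hardened(legitimate)   # genuine same-origin request
    return vulnerable, hardened, accepted, amm.audit


if __name__ == "__main__":
    print(demo())
```

The origin check alone is not sufficient on its own (older browsers and some proxies strip Referer, and GET-based actions would still be reachable), which is why the hardened handler also refuses non-POST requests and demands the per-session token.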
Among the XSS vulnerabilities there is a persistent (Type 2) XSS vulnerability. On an unsuccessful login attempt, the vulnerable application writes the supplied username into the application's log page without sanitization or output encoding. The vulnerability can be exploited by using a specially chosen username when attempting to log in to the web-based management interface; no valid credentials are needed to get the username recorded. The payload executes when a logged-in user visits the log page of the management application. Exploitation of this vulnerability enables the attacker to execute administrative commands on the management module with the rights of the logged-on user who visited the log page.
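The following is an added example illustrating the persistent XSS described above; it is not IBM's code and is not taken from the advisory. It models a login log that records failed-login usernames and renders them into an HTML page, once verbatim (the condition described) and once with output encoding, together with an input-side check a login handler can apply before writing the username to the log. The page layout, the log format, the payload and the CGI endpoint in it are constructed for illustration.

```python
# Added example for this advisory: a model of the persistent XSS in a login
# log page. Not IBM's code; page layout, the log format, the payload and the
# endpoint it calls are constructed for illustration.
import html
import re


class LoginLog:
    def __init__(self):
        self.entries = []   # (event, username) as recorded by the application

    def record_failed_login(self, username):
        # The attacker needs no valid credentials: a failed attempt is enough
        # to get the chosen username written into the log.
        self.entries.append(("Login failed", username))

    def render_vulnerable(self):
        """Log page as the vulnerable version builds it: usernames are
        interpolated into the HTML verbatim, so markup in them is live."""
        rows = "".join(f"<tr><td>{event}</td><td>{user}</td></tr>"
                       for event, user in self.entries)
        return f"<table>{rows}</table>"

    def render_hardened(self):
        """Same page with output encoding: every field is HTML-escaped at the
        point where it is placed into markup, so the stored bytes never
        become tags or attributes, whatever was accepted at login time."""
        rows = "".join(f"<tr><td>{html.escape(event)}</td>"
                       f"<td>{html.escape(user, quote=True)}</td></tr>"
                       for event, user in self.entries)
        return f"<table>{rows}</table>"


# Constructed payload: a username that, once rendered unescaped, runs in the
# session of whoever views the log page and issues an administrative request
# with that viewer's rights. The endpoint and parameters are hypothetical.
PAYLOAD_USERNAME = ('<script>fetch("/private/adduser.cgi?name=x&role=admin")'
                    '</script>')

_META = re.compile(r'[<>"\']')


def username_is_suspicious(username):
    """Input-side check a login handler can apply before logging: a genuine
    account name has no reason to carry HTML metacharacters. This is a
    defence-in-depth signal, not a substitute for output encoding."""
    return _META.search(username) is not None


def active_script_in(page):
    """Crude check used only to make the difference between renderings visible."""
    return re.search(r"<script\b", page, re.IGNORECASE) is not None


def demo():
    log = LoginLog()
    log.record_failed_login("admin")            # ordinary failed login
    log.record_failed_login(PAYLOAD_USERNAME)   # attacker's chosen username
    vulnerable = active_script_in(log.render_vulnerable())   # script tag is live
    hardened = active_script_in(log.render_hardened())       # escaped to &lt;script&gt;
    flagged = [u for _, u in log.entries if username_is_suspicious(u)]
    return vulnerable, hardened, flagged


if __name__ == "__main__":
    print(demo())
```

Escaping at render time is the fix that matters: the log already holds the payload for every failed login that arrived before a patch, so filtering usernames at the login handler alone would leave existing entries live.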
Vulnerability Coordination Information and Acknowledgements
CERT-FI has coordinated the release of this vulnerability between the vulnerability researcher and the affected vendor. CERT-FI would like to thank Henri Lindberg of Louhi Networks for reporting the vulnerability to us, and IBM for co-operation in the remediation efforts.
Vendor Information
- IBM BladeCenter Advanced Management Module 1.42, versions prior to 1.42U
Remediation
Patch the vulnerable software components according to the guidance published by the vendor. The vulnerability can additionally be mitigated by limiting the use of the management interface according to the instructions of the vulnerability researcher.
References
Contact Information
CERT-FI Vulnerability Coordination can be contacted as follows:
Email:
vulncoord@ficora.fi
Please quote the advisory reference in the subject line
Telephone:
+358 9 6966 510
Monday - Friday 08:00 - 16:15 (EET: UTC+2)
Fax :
+358 9 6966 515
Post:
Vulnerability Coordination
FICORA/CERT-FI
P.O. Box 313
FI-00181 Helsinki
FINLAND
CERT-FI encourages those who wish to communicate via email to make use of our PGP key. The key is available at https://www.cert.fi/en/activities/contact/pgp-keys.html
Revision History:
17 April 2009, 17:00: Published
12 August 2009, 13:17: Updated vulnerable product list and CVE list