Title: OPeNDAP Server3 Remote Command Execution Vulnerability
Severity: HIGH
Description:
OPeNDAP is a freely available framework that implements the Network Data Access Protocol.
OPeNDAP is prone to a remote command-execution vulnerability because the application fails to properly sanitize user-supplied input.
Specifically, attacker-supplied data passed to the 'get_url()' function through the 'url' argument is passed to the Perl 'open()' function without proper sanitization. This allows attackers to pass shell metacharacters, and arbitrary commands, to the 'open()' function that will be interpreted by the shell that Perl spawns to handle the call.
Exploiting this issue allows attackers to execute arbitrary commands in the context of the server.
A successful exploit could facilitate the compromise of an affected computer; other attacks are also possible.
OpeNDAP Server3 3.2.10 through to 3.7.4 are vulnerable to this issue.
Affected Products:
- OPeNDAP Server3 3.2.10
- OPeNDAP Server3 3.7.4
References:
- OPeNDAP: CGI Server Base Software Page
- OPeNDAP: OPeNDAP Home Page
- US-CERT: Vulnerability Note VU#857153
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
