Command View SDM security concerns
07-16-2002 11:56 AM
We recently purchased a couple VA7400s with HP15 firmware and Command View SDM 1.04. I installed the CV SDM hostagent, client and server components on an HPUX 11.0 system that is attached to the same SAN as the VA7400s. After installation, I noticed that the CLI commands and the GUI launcher command were world executable. Just for fun, I decided to try to run one of the commands as an unprivileged user, and was shocked when the command actually worked! In fact, an unprivileged user can successfully execute all VA administrative commands with the exception of Secure Manager commands. This means that any user can add, change, and delete LUNs, and even format the entire array! Since the Secure Manager commands have an additional password, an unprivileged user is not able to change the host access privileges on LUNs, but they can delete them entirely.
Merely removing the world execute bit from the files (as the HP Response Center suggested) does not correct the problem, because unprivileged users can still copy the files into their home directories and successfully execute the commands. Restricting the entire /opt/sanmgr directory structure down so it is only root readable/executable is still not a fix, because an unprivileged user only needs to get the files from somewhere else (like HP's public web site), install them in their home directory, and away they go.
This vulnerability can also be exploited remotely by any host allowed access (via the access.dat file) to a server running the CV SDM hostagent. If wildcards are used in the access.dat file (as suggested in the CV SDM user's guide), any host in the wildcard subnet can administer the VA arrays. I have confirmed that this vulnerability exists in CV SDM 1.04 on HPUX 11.0, HPUX 11.11, and Red Hat Linux 7.2.
We first reported this issue to HP almost two months ago, and have been told that even though they agree that security is an important issue, fixing this vulnerability is a lower priority than adding features that customers really want. At this point they're hoping to fix this issue by the end of the year or first part of next. When we asked HP if customers would be notified about this vulnerability, they said that they assumed that most customers were already aware of the vulnerability and just weren't as concerned as we were.
Are we the only ones concerned about this issue? Don't get me wrong, CV SDM is not exactly feature rich, and could definitely use some enhancements, but what good is managing your storage if you can't secure it first? Please let me know if anyone else is concerned about this vulnerability, or if you have questions about what I've found.
Aaron
05-09-2003 06:58 AM
Solution
Our company has purchased a VA7410 and I also found this security issue. We are running Command View on the Windows 2000 platform. I was experimenting with web access and found that from an allowed IP you can do anything with LUNs, but not with Secure Manager. Only Secure Manager needs authentication (password). So I am also very concerned about this issue.
05-09-2003 07:31 AM
Re: Command View SDM security concerns
Wow! I can't believe it took 10 months before someone else realized they have a serious security issue if running Command View SDM. I wish I could tell you how much progress HP has made on these issues over the last 10 months, but unfortunately there has been very little.
We actually had the product manager for Command View SDM come to our site so we could explain to him the security flaws in the application, but as of CV SDM 1.06 there has been no change. Actually, the one change HP made is that CV SDM is no longer available on the public web site, which isn't exactly the solution I was looking for.
For now, the best way to secure the product is to install CV SDM on a system with only administrator access. Definitely disable the web server, and make sure you don't have any wildcards in the access.dat file. Also, make sure any LUNs that have config privileges are specifically assigned to the management server. Otherwise, any other system on the SAN could be used to manage the array as well.
In my opinion, these security issues are so basic and severe that this software never should have made it out of the development lab, let alone be in production for almost 2 years!
Thanks for replying, please let me know if you make any progress with HP.
Aaron
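The reply above recommends keeping wildcards out of the hostagent's access.dat. The following audit script is an added example, not code from the thread or from HP: it reads an access.dat-style allow-list and reports every entry that grants access to more than one host. The file format is assumed (one host per line as an IP address, hostname or pattern, with `#` comments); the sample file content is constructed for the example, and parse_access_dat() should be adjusted if the real file differs.

```python
"""Audit a Command View SDM access.dat-style host allow-list for wildcards.

Assumed format (not verified against HP documentation): one allowed host
per line, given as an IP address, a hostname, or a pattern containing
'*' or '?'; anything after '#' is a comment.
"""
import ipaddress
import re

# Constructed sample file for the example (not a real access.dat).
SAMPLE_ACCESS_DAT = """\
# hosts allowed to talk to the hostagent (constructed example)
10.1.2.5          # dedicated management server
10.1.2.*          # wildcard: every host on the management subnet
*.example.test    # wildcard hostname
sanmgmt01         # named management host
10.1.3.0/24       # CIDR block, also broader than one host
*
"""

HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?")


def parse_access_dat(text):
    """Return the non-comment, non-empty entries in file order."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            entries.append(line)
    return entries


def classify_entry(entry):
    """Classify one entry as 'exact-ip', 'hostname', 'wildcard' or 'unknown'.

    A pattern character or a CIDR prefix matches more than one host, which
    is exactly what the thread warns against, so both count as 'wildcard'.
    """
    if any(ch in entry for ch in "*?/"):
        return "wildcard"
    try:
        ipaddress.ip_address(entry)
        return "exact-ip"
    except ValueError:
        pass
    if HOSTNAME_RE.fullmatch(entry):
        return "hostname"
    return "unknown"


def audit_access_dat(text):
    """Group entries by class so broad grants can be reviewed and removed."""
    findings = {"wildcard": [], "exact-ip": [], "hostname": [], "unknown": []}
    for entry in parse_access_dat(text):
        findings[classify_entry(entry)].append(entry)
    return findings


if __name__ == "__main__":
    result = audit_access_dat(SAMPLE_ACCESS_DAT)
    for entry in result["wildcard"]:
        print(f"BROAD GRANT: {entry!r} allows more than one host")
    for entry in result["unknown"]:
        print(f"UNPARSED:    {entry!r} - check this line by hand")
    print(f"{len(result['exact-ip']) + len(result['hostname'])} single-host entries")
```

Because the hostagent checks only the client address and not who is running the command, a wildcard-free file narrows the set of hosts that can reach the agent but does not add authentication; the other measures in the reply (a management host with administrator-only access, web server disabled, config-privileged LUNs assigned only to that host) still apply.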