CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | LOW |

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS
Percentile: 73.0%

The Up.time client for Windows is vulnerable to a format string attack as well as a buffer overflow, and may allow unauthenticated users to perform certain commands.
CWE-134: Uncontrolled Format String - CVE-2015-2894
For versions 6.0 and 7.2, an unauthenticated attacker on the network may send either the “%n” or “%s” format parameters, which will cause the application to crash. This vulnerability was addressed in version 7.6.
CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) - CVE-2015-2895
For version 7.4, an unauthenticated attacker on the network sending commands with an input that is larger than 1024 bytes will crash the application. Remote code execution is likely but currently unproven. This vulnerability was addressed in version 7.6.
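
The two bug classes above (CWE-134 and CWE-120) come down to passing network input as a format string and copying it without a length check. The sketch below is an added example, not Up.time code: `handle_command`, its reply text and the way `CMD_MAX` is applied are assumptions for illustration, with only the 1024-byte figure taken from the advisory.

```c
#include <stdio.h>
#include <string.h>

#define CMD_MAX 1024 /* advisory: inputs larger than 1024 bytes crashed 7.4 */

/* Hypothetical agent-side handler (constructed for this example).
 * Length is checked before the copy (CWE-120), and the input is only ever
 * passed as an argument to a constant format string (CWE-134).
 * Returns the number of reply bytes written, or -1 if input is rejected. */
int handle_command(const char *in, size_t in_len, char *out, size_t out_sz)
{
    char cmd[CMD_MAX + 1];
    int n;

    if (in == NULL || out == NULL || out_sz == 0)
        return -1;
    if (in_len > CMD_MAX)                 /* reject instead of overflowing */
        return -1;
    if (memchr(in, '\0', in_len) != NULL) /* embedded NUL: malformed input */
        return -1;

    memcpy(cmd, in, in_len);              /* bounded by the check above */
    cmd[in_len] = '\0';

    /* Vulnerable form: snprintf(out, out_sz, cmd);
     * there "%n" or "%s" in cmd would be interpreted as directives. */
    n = snprintf(out, out_sz, "unknown command: %s", cmd);
    if (n < 0 || (size_t)n >= out_sz)     /* reply would be truncated */
        return -1;
    return n;
}

int main(void)
{
    char reply[CMD_MAX + 64];
    char big[CMD_MAX + 1];                /* constructed oversized input */
    const char *fmt_input = "%n%s%n";     /* constructed sample input */

    memset(big, 'A', sizeof big);
    printf("format chars -> %d\n",
           handle_command(fmt_input, strlen(fmt_input), reply, sizeof reply));
    printf("reply        -> %s\n", reply);
    printf("1025 bytes   -> %d\n",
           handle_command(big, sizeof big, reply, sizeof reply));
    return 0;
}
```

Building with `-Wformat -Wformat-security` (GCC and Clang) flags the vulnerable call form at compile time.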
CWE-200: Information Exposure - CVE-2015-2896
For versions 7.6 and prior, an unauthenticated attacker on the network may send built-in commands to the port that the Up.time agent is using. These commands are not authenticated, and therefore the attacker can learn information such as the version of Up.time running, details about the underlying operating system running Up.time, details about other running processes on the system, and Windows operating system event log information. This vulnerability was addressed in version 7.7.
A remote unauthenticated user may be able to perform a denial of service on Up.time, or obtain system information for future use. It may also be possible to execute code.
Apply an update
Idera has released Up.time version 7.7 which addresses all vulnerabilities. Affected users are encouraged to update as soon as possible.
Affected users may also mitigate these issues with the following actions:
Check configuration
According to Idera, affected users may also use the following configuration settings to mitigate these issues:
1. All agents run in a read-only mode by default, where they can only poll metrics.
2. In order to use custom scripts or trigger recovery actions, you need to set a password on the agent, or add commands to the .uptmpasswd file for the Linux agent.
3. Agent communication can be encrypted with SSL by using various SSL Tunneling/Proxy Utilities (OpenSSL, etc). KB articles cover the specifics for implementing with Stunnel on various platforms.
4. Agents running under xinet.d can also be secured at the service level by restricting incoming connections to only accept connections from the Monitoring Station, or limit the total number of connections, etc.
5. Disable Agent Commands you don’t use either via the Agent Console or editing conf/agent_commands.txt.
377260
Notified: May 29, 2015 Updated: September 15, 2015
Statement Date: August 04, 2015
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 6.4 | AV:N/AC:L/Au:N/C:N/I:P/A:P |
Temporal | 5.5 | E:POC/RL:U/RC:UR |
Environmental | 4.1 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
Thanks to Matthew Benton and Richard Kelley for reporting this issue to us.
This document was written by Garret Wassermann.
CVE IDs: | CVE-2015-2894, CVE-2015-2895, CVE-2015-2896 |
---|---|
Date Public: | 2015-12-08 |
Date First Published: | |