RCE in production server
Gary Kramlich
grim at reaperworld.com
Fri Mar 10 01:57:53 EST 2017
Yikes! Thanks for bringing this to my attention. It's actually in a
container, but still an RCE is an RCE. I'm going to shut it down for
now until I hear back from Atlassian.
On Thu, Mar 9, 2017 at 11:57 PM, voice kolai <abhikaf at gmail.com> wrote:
> Hello team,
>
>
> This is pretty bad. The production web app is running as root and anyone can
> get access to the system using the recent Apache Struts 2 RCE in Atlassian
> Bamboo.
>
>
> Proof of concept:
> Run the given Python file.
>
> [cmd]>>id
>
> uid=0(root) gid=0(root) groups=0(root)
>
>
> [cmd]>>uname -a
>
> Linux e370b9fb4a9e 4.5.5-x86_64-linode69 #3 SMP Fri May 20 15:25:13 EDT 2016
> x86_64 GNU/Linux
>
> Although Atlassian messed up here, you guys shouldn't run the application as
> root. :-)
>
>
> I have contacted Atlassian as well regarding this issue.
>
> Thanks,
> Abhi
>
>
> _______________________________________________
> security mailing list
> security at pidgin.im
> https://pidgin.im/cgi-bin/mailman/listinfo/security
--
Thanks,
--
Gary Kramlich <grim at reaperworld.com>
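The thread names neither the Struts bug nor a detection for it, so the following is an added example, not code from the thread or from Pidgin or Atlassian. It assumes the "recent Apache Struts 2 RCE" of March 2017 is the Jakarta Multipart parser bug (CVE-2017-5638), whose public exploit smuggles an OGNL expression such as `%{(#_='multipart/form-data')...}` into the Content-Type header (later variants used the multipart Content-Disposition filename). The detector below runs over a few constructed requests against a hypothetical Bamboo path, and a second helper parses `id` output of the kind the report shows to confirm the second point of the thread, that the service must not run as uid 0 even inside a container. Function names, the sample requests and the paths are all this example's own.

```python
import re
from typing import Dict, List, Tuple

# Headers the Jakarta Multipart parser exploit variants were delivered in.
# Content-Disposition is a multipart part header; a reverse proxy or WAF that
# logs part headers can feed it in the same way as the request headers.
INSPECTED_HEADERS = ("Content-Type", "Content-Disposition", "Content-Length")

# A legitimate value for any of these headers never contains an OGNL
# expression opener or an OGNL/Java class reference.
OGNL_RE = re.compile(r"[%$]\{|#_memberAccess|@java\.lang\.|@ognl\.")

# Constructed sample requests (not captured from the server in the thread).
SAMPLE_REQUESTS: List[Dict] = [
    {"method": "POST", "path": "/bamboo/userlogin!doDefault.action",
     "headers": {"Content-Type": "application/x-www-form-urlencoded"}},
    {"method": "POST", "path": "/bamboo/upload.action",
     "headers": {"Content-Type": "multipart/form-data; boundary=----FormBoundary7MA4YWxk"}},
    # OGNL expression in Content-Type, the shape of the March 2017 exploit.
    {"method": "POST", "path": "/bamboo/upload.action",
     "headers": {"Content-Type": "%{(#_='multipart/form-data').(#cmd='id')."
                                 "(#p=new java.lang.ProcessBuilder(#cmd)).(#p.start())}"}},
    # Same idea via the multipart filename (Content-Disposition variant).
    {"method": "POST", "path": "/bamboo/upload.action",
     "headers": {"Content-Type": "multipart/form-data; boundary=x",
                 "Content-Disposition": "form-data; name=\"f\"; filename=\""
                                        "%{#context['xwork.MethodAccessor.denyMethodExecution']=false}\""}},
]


def is_ognl_injection(header_value: str) -> bool:
    """True if a header value carries an OGNL expression or class reference."""
    return OGNL_RE.search(header_value) is not None


def find_suspicious_requests(requests: List[Dict]) -> List[Tuple[int, str]]:
    """Return (request index, header name) for each request whose inspected
    headers carry an OGNL payload; one hit per request, first header wins."""
    hits: List[Tuple[int, str]] = []
    for idx, req in enumerate(requests):
        for name in INSPECTED_HEADERS:
            value = req.get("headers", {}).get(name)
            if value is not None and is_ognl_injection(value):
                hits.append((idx, name))
                break
    return hits


# Matches the leading field of `id` output, e.g. "uid=0(root) gid=0(root) ...".
ID_RE = re.compile(r"^uid=(\d+)\((\w+)\)")


def runs_as_root(id_output: str) -> bool:
    """Parse `id` output from a shell in the app process and report whether the
    process is uid 0. Root inside a container is still root against the kernel
    and the container runtime, so this check applies to containerised services too."""
    m = ID_RE.match(id_output.strip())
    if not m:
        raise ValueError(f"unrecognised id output: {id_output!r}")
    return int(m.group(1)) == 0


if __name__ == "__main__":
    for idx, header in find_suspicious_requests(SAMPLE_REQUESTS):
        req = SAMPLE_REQUESTS[idx]
        print(f"OGNL payload in {header} of {req['method']} {req['path']}")
    print("service runs as root:", runs_as_root("uid=0(root) gid=0(root) groups=0(root)"))
```

The regex is deliberately narrow: it flags the `%{` / `${` expression openers and the class references every public payload needs, rather than the whole grammar, so it can sit in front of a proxy log at line rate without false positives on ordinary multipart boundaries. It is a detection for exploitation attempts, not a fix; the fix is the vendor patch, and the damage limit is running the service as an unprivileged user.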