Critical Command Injection Vulnerability Found in Kemp LoadMaster
/ 3 min read
Quick take - A critical Command Injection vulnerability has been discovered in Kemp’s LoadMaster Load Balancer, affecting all versions up to 7.2.60.0 and allowing for remote exploitation without authentication, prompting the vendor to release a patched version to address the issue.
Fast Facts
- A critical Command Injection vulnerability in Kemp’s LoadMaster Load Balancer allows full system compromise without authentication, affecting all versions up to 7.2.60.0.
- The vulnerability can be exploited remotely via the Web User Interface (WUI), which is a significant target for potential attacks.
- User input is processed without proper sanitization, enabling arbitrary command execution through a specific function handling POST variables.
- Kemp has released a patched version of the software and an additional add-on to replace the vulnerable command execution method with a safer alternative.
- The article details the vulnerability’s identification, exploitation methods, and a timeline of communication between the researcher and Kemp regarding the issue.
Critical Vulnerability in Kemp’s LoadMaster Load Balancer
A critical vulnerability has been identified in Kemp’s LoadMaster Load Balancer, classified as a Command Injection vulnerability. This flaw poses a severe risk as it allows for full system compromise, with exploitation possible without requiring authentication. The vulnerability can be exploited remotely through access to the Web User Interface (WUI). All versions of LoadMaster up to and including version 7.2.60.0 are affected, as well as multi-tenant hypervisors up to and including version 7.1.35.11.
Importance of Addressing the Vulnerability
Kemp LoadMaster is widely used for load balancing applications, highlighting the importance of addressing this vulnerability. The research that uncovered this flaw was part of regular security assessments aimed at exploring the software’s security. The article detailing this issue explains the identification of the vulnerability, covers the vulnerable code segments and methods of exploitation, and includes the vendor’s response.
The attack surface includes core features of the software, which could allow unauthorized access to services or exposure of sensitive information. The WUI is emphasized as a significant target for potential attacks due to its role in configuring and controlling the software.
Research Findings and Vendor Response
During the research process, the investigator accessed a virtual machine image of the free version of the software. Initial login attempts were complicated by a selection menu, and the Diagnostic Shell provided limited functionality. The researcher extracted the file system from the virtual machine image, locating scripts related to the WUI written in BASH. A critical weak point was found in the login functionality, which does not require authentication.
The process involves a POST request during login, leading to the discovery of the Command Injection vulnerability. User input is processed without proper sanitization, allowing for arbitrary command execution. The vulnerability is linked to a specific function that handles POST variables without adequate checks. Reverse engineering tools were used to analyze the binary associated with the vulnerability, revealing a loophole that allows the input to remain unmodified, facilitating command injection.
Exploitation steps include crafting specific input, adhering to character count conditions, and ensuring proper URL encoding of the input. In response to the disclosure, Kemp provided a patched version of the software and an additional add-on to address the issue. The fix involved replacing the vulnerable command execution method with a safer alternative.
A detailed disclosure timeline has been outlined, documenting the communication between the researcher and Kemp, including dates for reporting, acknowledgment, and public disclosure. Kemp’s proactive response underscores the importance of addressing security vulnerabilities, which is crucial in widely utilized software applications.
Original Source: Read the Full Article Here
