[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] Remote Code Execution Vulnerability in ELBA5 Electronic Banking
From: Florian Bogner <florian () bee-itsecurity ! at>
Date: 2018-11-16 7:09:29
Message-ID: 4239E582-51B5-4919-ACAA-91DD81F79F49 () bee-itsecurity ! at
[Download RAW message or body]
Remote Code Execution Vulnerability in ELBA5 Electronic Banking
Metadata
===================================================
Affected product: ELBA5 Network Installation (https://www.elba.at)
CVSSv3 Score: 10.0 (https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Vulnerability Status: Fixed with version 5.8.1
Author: Florian Bogner @ Bee IT Security Consulting e.U.
Tested on: Windows 7 / Windows 10 / Windows 2018
Release Date: 16-Nov-2019
CVE: Not requested
Full Vulnerability Write Up: https://bogner.sh/elba
Product Description
===================================================
ELBA5 (https://www.elba.at) is one of Austria's most important business-focused electronic \
banking applications. It is used by the finance departments of many large organizations and \
supports about 24 different banks.
Vulnerability Description
===================================================
During a detailed analysis of the ELBA5 network installation, a design issue in the backend \
authentication module was identified. This issue could be abused to gain full control over the \
SQL Anywhere database of the ELBA5 server component. As this service was running within the \
context of the SYSTEM user, full control over the underlying server operating could be gained. \
Additionally, it was also possible to modify any data stored within the database. This \
especially includes queued wire transfers.
Further Details
===================================================
A full writeup of the underlying issues, as well as a reliably working Python exploit is \
available at: https://bogner.sh/elba
Suggested Solution
===================================================
Everyone should update to the latest ELBA5 release, namely version 5.8.1.
A lot of testing went into making the transition to a new authentication module completely \
transparent for end-users.
I want to sincerely thank everyone involved in fixing this issue. It was a great pleasure \
working with you guys!
___________
Florian Bogner
Information Security Expert, Speaker
Bee IT Security Consulting e.U.
Nibelungenstraße 37
3123 A-Schweinern
Tel: +43 660 123 9 454
Mail: florian@bee-itsecurity.at
Web: https://www.bee-itsecurity.at
["signature.asc" (signature.asc)]
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEM3VSIt6BcyJw219gxA12DRarGXIFAlvubRMACgkQxA12DRar
GXLlcBAApDawgVxf07Oh4H7Mc8N0AIFQ8ydhPn8ptf75Tn5PZfW6t/3IdPv2YfLe
M1KyKjibOVnkFeNertUHhwyhiAR3FKLSSQC8d8Gb/KIyJlBttfUDxEs+QMV4AVaC
QuJ/oijMCSAq4x8BV5NB/xSN1SnDauhblng5g3OcAwW9wsNAGs9CBpsZwMK9FgiM
t7XLt1Rj1mlthzzaQmzXs5ORVPKqH1GQdSSP0/gGYDjQs/QQzJMP1DKDNu/35d8v
3bfshxqb3xe51WOWOav7C/vMLKYi1+X1mjrQsEecSaeZVr9g5aJvdg1CbBZEUQvW
kyMTVvWVEUO1pqldQcluIrSUEtfRcY61Ky20bUJDjEiTOg1YMjvWh1ND1GK2ttrM
1wS8t4g5wDT8GrX3p2gRVnoDGhrRSLxFQPesKacl1kNSrVqhysp0C3T+8l6fzy7B
l8xcuAstFQ/3zjx8RPf+gHmCLCFJ2wuP4Cm/xTGVswBcua8jH0f5hqLKY2qLIhhG
TUKUKH8fzD9oOsQpFCR4W6GzEefD7+oxTmd5V395j2RgYe6vKDysk4OmjZfZTEu+
4SEmGHhvgpHsSSF5fHrlB/atYpULWufhaf2KIDPO8ViT/Eynv6IWij3QANMGtC1u
tx2Fu+RfuxQIB/pvovnV5KGipGLRVMCFREjGL08buIbKATFHj6c=
=zMpG
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
--===============2519077192117943372==--
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic