NASLDB: Liferay Portal 6.1.0 'addUser()' Security Bypass
General
ID: 59232
Name: Liferay Portal 6.1.0 ‘addUser()’ Security Bypass
Summary: Attempts to create a new administrative user
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: CVSS2#E:F/RL:OF/RC:C
Port: 80
Family: CGI abuses
Type: Remote
Description
The version of Liferay Portal hosted on the remote web server
contains a flaw in the ‘UserServiceUtil’ class’s ‘addUser’ method that
allows a remote, unauthenticated attacker to create new administrative
users. Since administrative users can install new plugins and
extensions, this may lead to arbitrary code execution.
In addition, this version of Liferay Portal may be affected by a
reconfiguration vulnerability that may allow the backing store to be
switched to an arbitrary, attacker-controlled server. However, Nessus
has not tested for this.
Exploiting
Exploit Available: True
Exploitability Ease: Exploits are available
Sources
CVE: –
OSVDB: –
Bugtraq: 53185
scipID: –
Timeline
Vulnerability Disclosure: 2012/04/21
Patch Release: 2012/04/20
Plugin Release: 2012/05/22
Plugin
Version: 1.2
Filename: liferay_6_1_0_addUser.nasl
Filesize: 6872 bytes
MD5 Hash: f7446142192d88d75b8ad81ede12124f
Identification: –
Require Keys: www/liferay_portal
Dependencies: "liferay_detect.nasl"
Copyright: This script is Copyright© 2012 Tenable Network Security, Inc.
- Latest Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack