Sign in / up

back to article If you can chdir you can hack CA's Unified Infrastructure Manager

IT shops running CA Technologies' Unified Infrastructure Management (UMI) – formerly CA Nimsoft – need to run patches for three vulnerabilities, one remotely exploitable. CA bought Nimsoft in 2010 to get its hands on the “single pane of glass” monitoring system, covering servers, networks, storage, and databases. The most …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Colin Millar

    "allows attackers to traverse the file system to access files or directories that are outside the restricted directory"

    Wow - I just had the most vivid dream spanning nearly 20 years - but now I have woken up and realise it is still 1998.

    6 0 Reply
    1. Anonymous Coward
      Reply Icon
      Joke

      Java relies on spaces within paths to ensure security...

      0 1 Reply
    2. jake Silver badge
      Reply Icon

      I had the same dream, but it's a third of a century ago ... Sun Microsystems first computers shipped with this particular problem. Except back then it was naively considered to be a feature, not a bug, at least by some folks who shall remain nameless.

      1 1 Reply
  2. Mage Silver badge
    Facepalm

    sequences like “..”

    Amazing ...

    First thing I check when I set up hosting is that public HTML can't browse at all and I can't get outside my own "home" via SFTP, SSH, control panel etc (otherwise other users maybe accidently ... never mind hackers)

    0 0 Reply
  3. jake Silver badge

    Obligatory.

    $ chdir /

    bash: chdir: command not found

    $

    0 0 Reply
  4. Alistair
    Windows

    quite right Jake, that really should be chdir() not chdir. My spell check doesn't catch syscalls either so.....

    0 0 Reply
  5. Anonymous Coward
    FAIL

    Unified Infrastructure Management bugs

    Did no one test this Unified Infrastructure Management for such bugs.

    0 0 Reply
  6. Captain DaFt

    "CA bought Nimsoft in 2010 to get its hands on the “single pane of glass” monitoring system, covering servers, networks, storage, and databases."

    Then someone, chucked a brick through the pane.

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like