发布于3月6日3月6日 Members Rocket Software: CVE-2023-28503: Authentication Bypass and Remote Code Execution Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/29/2023 Created 03/29/2023 Added 03/29/2023 Modified 04/10/2023 Description Rapid7 discovered an authentication bypass in the `do_log_on_user()` function in `libunidata.so` that permits a user to authenticate as any Linux user on the target service using a hard-coded username (`:local:`) and a deterministic password. This affects most of the services that UniData ships, and leads directly to shell command execution via the `udadmin` service. Additionally, it allows us to exploit several post-authentication vulnerabilities. Solution(s) rocket-unirpc-server-cve-2023-28503-upgrade References https://attackerkb.com/topics/cve-2023-28503 CVE - 2023-28503 https://www.rapid7.com/blog/post/2023/03/29/multiple-vulnerabilities-in-rocket-software-unirpc-server-fixed/
