Applies To: RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.0
Platform (Other): na
O/S Version: Other
Issue: AM 8.1 P5 and earlier will scan positive for CVE-2014-4877 (wget FTP symlink attack vulnerability)
AM 7.1 cannot be exploited because it does not have wget installed. AM 8.1 ships wget, so it could be exposed only if an administrator or root user manually starts a wget FTP session against a compromised or attacker-controlled external FTP site.
Authentication Manager does not use wget internally for FTP, so the scanner finding does not reflect any product code path. The attack can occur only if the customer logs in as rsaadmin and manually runs wget to retrieve data from a remote FTP server the attacker controls (the malicious server returns a symlink in a recursive listing, and an unpatched wget re-creates that symlink locally).
A configuration-level mitigation is available by changing the wget settings in /etc/wgetrc. The referenced advisory states: "you can mitigate the issue by adding the line retr-symlinks=on to either /etc/wgetrc or ~/.wgetrc". With retr-symlinks on, wget retrieves the file a symlink points to instead of creating the symlink on the local filesystem. Note that ~/.wgetrc (for the rsaadmin account) and a --retr-symlinks option on the command line both override /etc/wgetrc, so check those as well.
1. Log in as rsaadmin and open the file with root privileges, since /etc/wgetrc is not writable by rsaadmin: sudo vi /etc/wgetrc (Engineering advises sudo vi /etc/wgetrc rather than a plain vi /etc/wgetrc for this reason).
2. Press i to enter insert mode and add the line retr-symlinks=on.
3. Press <Esc> to leave insert mode.
4. Type :wq to save and exit, or :q! to exit without saving.
In fixed wget releases the default has been changed so that wget no longer creates local symbolic links during a recursive FTP retrieval, but instead traverses them and retrieves the pointed-to file. The old behaviour can be restored by passing the --retr-symlinks=no option to the wget command, which is why the wgetrc mitigation above remains useful until the appliance's wget itself is updated.
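The following shell script is an added example and is not part of the RSA article or RSA's own tooling. It automates the /etc/wgetrc change described above in an idempotent way (replacing an existing active retr-symlinks line rather than appending a duplicate, and leaving commented-out lines alone) and verifies the result the way wget would read it. The file path is a parameter so the change can be rehearsed on a scratch copy before running it with sudo against the real /etc/wgetrc; the sample wgetrc contents are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the RSA article or from RSA: apply and verify the
# /etc/wgetrc mitigation (retr-symlinks=on) for CVE-2014-4877. The path is a
# parameter so the change can be rehearsed on a scratch copy before running
# it against the real /etc/wgetrc (which needs sudo on the appliance).
set -e

# Rewrite FILE in place so exactly one active retr-symlinks line remains and
# it is "on". wgetrc keys are case-insensitive and ignore "-" and "_", so
# retr_symlinks and RETR-SYMLINKS are matched too. Commented lines (#...)
# are left untouched; if no active line exists the directive is appended.
set_retr_symlinks_on() {
    file=$1
    tmp=$(mktemp)
    awk '
        {
            key = tolower($0)
            gsub(/[-_]/, "", key)
            if (key ~ /^[ \t]*retrsymlinks[ \t]*=/) {
                if (!found) { print "retr-symlinks = on"; found = 1 }
                next
            }
            print
        }
        END { if (!found) print "retr-symlinks = on" }
    ' "$file" > "$tmp"
    cat "$tmp" > "$file"    # keep the original owner and mode (mv would not)
    rm -f "$tmp"
}

# Exit 0 if the last active retr-symlinks line in FILE turns the option on
# (wget accepts on/yes/1 as true), 1 otherwise. wget honours the last
# occurrence of a key, so that is what is checked.
retr_symlinks_enabled() {
    awk '
        {
            key = tolower($0)
            gsub(/[-_ \t]/, "", key)
            if (key ~ /^retrsymlinks=(on|yes|1)$/) state = 1
            else if (key ~ /^retrsymlinks=/)        state = 0
        }
        END { exit (state ? 0 : 1) }
    ' "$1"
}

# Demo on a constructed scratch file (not the appliance's real wgetrc): a
# commented-out default plus an explicitly weak active setting.
demo=$(mktemp)
cat > "$demo" <<'EOF'
passive_ftp = on
#retr_symlinks = off
retr-symlinks = off
EOF
if retr_symlinks_enabled "$demo"; then echo "before: on"; else echo "before: off"; fi
set_retr_symlinks_on "$demo"
if retr_symlinks_enabled "$demo"; then echo "after: on"; else echo "after: off"; fi
cat "$demo"
rm -f "$demo"
```

To apply it on the appliance, source the script as rsaadmin and run sudo sh -c with set_retr_symlinks_on /etc/wgetrc, then run retr_symlinks_enabled against both /etc/wgetrc and /home/rsaadmin/.wgetrc if the latter exists, because the per-user file wins over the system file.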