IBM ServeRAID Manager exposes unauthenticated Java Remote Method Invocation (RMI) service
Wednesday, 12 February 2020 12:06

IBM ServeRAID Manager version 9.30-17006 and prior exposes a Java RMI service that allows a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. IBM ServeRAID Manager includes an embedded instance of Java version 1.4.2. ServeRAID Manager runs a Java Remote Method Invocation (RMI) service on port 34571/tcp that listens on all interfaces by default. ServeRAID Manager runs with SYSTEM privileges on Microsoft Windows systems, so code executed through the RMI interface runs with those privileges. An unauthenticated attacker with network access can exploit the vulnerable RMI interface to launch a remote class loader attack. This appears to be an instance of CVE-2011-3556.
Both ServeRAID Manager and Java 1.4.2 are no longer supported. It is advised to restrict access by configuring ServeRAID Manager to listen only on specific network interfaces (such as localhost) or by using a host-based firewall to restrict network access to 34571/tcp.
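The host-firewall mitigation above, worked through for Windows Defender Firewall as an added example (not part of the advisory or of IBM's product). It assumes the host runs Windows with the firewall enabled and that 10.10.5.0/24 is a placeholder for the management network that legitimately needs the RMI port; it first lists the weak setting (an inbound allow rule scoped to any remote address) and then replaces it with a rule limited to that subnet.

```powershell
# Added hardening example, not part of the advisory or of IBM's product.
# Assumptions (placeholders to adapt): Windows Defender Firewall is enabled,
# and 10.10.5.0/24 is the management network allowed to reach ServeRAID Manager.

$RmiPort = 34571               # port named in the advisory
$MgmtNet = '10.10.5.0/24'      # assumed management subnet (placeholder)

# 1. Confirm the profiles block unsolicited inbound traffic by default.
#    If DefaultInboundAction is not 'Block', the scoped allow rule below
#    does not by itself close the port to other sources.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

# 2. Find inbound allow rules that already open the RMI port. A rule whose
#    RemoteAddress is 'Any' is the weak setting: the port is reachable from
#    every peer that can route to the host.
$Exposed = Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and "$($_.LocalPort)" -eq "$RmiPort" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

foreach ($Rule in $Exposed) {
    $Scope = ($Rule | Get-NetFirewallAddressFilter).RemoteAddress
    Write-Output ("{0}: remote scope = {1}" -f $Rule.DisplayName, ($Scope -join ','))
    if ($Scope -contains 'Any') {
        # Disable rather than delete so the change is reversible and auditable.
        Disable-NetFirewallRule -Name $Rule.Name
    }
}

# 3. Corrected setting: one inbound allow rule for the RMI port, limited to the
#    management subnet. All other sources fall under the default inbound block.
New-NetFirewallRule -DisplayName 'ServeRAID Manager RMI (management subnet only)' `
    -Direction Inbound -Protocol TCP -LocalPort $RmiPort `
    -RemoteAddress $MgmtNet -Action Allow -Profile Domain,Private

# 4. Verify the effective remote scope of every enabled inbound rule on the port.
Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and "$($_.LocalPort)" -eq "$RmiPort" } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    ForEach-Object {
        $Addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        "{0,-50} {1,-6} {2}" -f $_.DisplayName, $_.Action, $Addr
    }
```

Run in an elevated PowerShell session; the advisory's other option, binding ServeRAID Manager to specific interfaces, is a product setting and is not covered here.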