The BES daemon in OPeNDAP server version 4 contains a vulnerability. This vulnerability may allow an attacker to execute arbitrary commands, or upload files to a remote server.
OPeNDAP is a software package designed to help researchers exchange data sets that are stored in different formats. The most recent version of OPeNDAP is server 4, or Hyrax. The Hyrax server includes a daemon called BES.
From the BES download page:
An attacker may be able to execute arbitrary commands on a vulnerable server.
Thanks to NCIRT labs for reporting this vulnerability.
This document was written by Ryan Giobbi.
Date First Published: 2007-05-18
Date Last Updated: 2007-05-21 19:04 UTC