Openfiler Command Injection Vulnerability in NetworkCard Object Execution

A command injection vulnerability has been identified in Openfiler versions 2.x, specifically in the system.html page. The vulnerability arises because the device parameter is used to create a NetworkCard object, which is then executed with unsanitized input. This flaw allows authenticated attackers to execute arbitrary commands as the openfiler user. Additionally, due to improperly configured sudoers, the openfiler user can escalate privileges to root by executing sudo /bin/bash without a password.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected system, with the executed commands running under the openfiler user. This could lead to unauthorized actions being performed on the system, including potential privilege escalation to root.

Reproduction

To reproduce this vulnerability, an authenticated user can send a request to the '/admin/system.html' page with a crafted 'device' parameter. The injected command should be encoded to bypass input sanitization. Once the command is executed, the openfiler user can use sudo to gain root access.