CVE-2014-2507 consequences. Part II

Yesterday, when writing about privileged groups, I found out that privileged groups may be completely disabled by enabling DISABLE_PRIV_GRPS module in dm_docbase_config. So, what is a module and what modules does Content Server support? Modules in docbase config are undocumented parameters which change behaviour of Content Server (I suppose modules topic requires individual post). Besides modules Content Server also knows about several environment variables, which also change behaviour of Content Server (the most known environment variables are: DEVRANDOM, DM_FD_SET, DM_DOCBROKER_TRACE, DM_GROUP_LIST_LIMIT_TEMP_TBL, DM_LEFT_OUTER_JOIN_FOR_ACL, CLIENT_AUTH_SIG_THRESHOLD), environment variables requires individual post too, but today I have found a way how we can disable undesired behaviour described in CVE-2014-2507 consequences post. Follow my hands:

Connected to Documentum Server running Release 7.0.0140.0644  Linux.Oracle
Session id is s0
API> ?,c,execute do_method with method='dm_JMSAdminConsole',arguments='>'
  [DM_METHOD_E_METHOD_ARGS_INVALID]error:  "The arguments being passed to 
      the method 'dm_JMSAdminConsole' are invalid: arguments contain special 
      characters which are not allowed."


API> Bye
 ~]$ dm_shutdown_repo
Stopping Documentum server for repository: [repo]



        EMC Documentum iapi - Interactive API interface
        (c) Copyright EMC Corp., 1992 - 2012
        All rights reserved.
        Client Library Release 7.0.0130.0537


Connecting to Server using docbase repo
[DM_SESSION_I_SESSION_START]info:  
    "Session 0101ffd78008694c started for user dmadmin."


Connected to Documentum Server running Release 7.0.0140.0644  Linux.Oracle
Session id is s0
API> shutdown,c,T,T
...
OK
API> exit
Bye
Waiting for 90 seconds for server pid, 6298, to disappear.

Птн Сен  5 10:28:17 MSK 2014: Waiting for shutdown of repository: [repo]
Птн Сен  5 10:28:17 MSK 2014: checking for pid: 6298

Птн Сен  5 10:28:27 MSK 2014: Waiting for shutdown of repository: [repo]
Птн Сен  5 10:28:27 MSK 2014: checking for pid: 6298

repository: [repo] has been shutdown
checking that all children (1067 1137 1330 4338 4339 5315 6305 6316 
     6317 6331 6346 6357 6526 6554) have shutdown
 ~]$ export DM_METHOD_ARGS_CHECK=0
 ~]$ dm_start_repo
starting Documentum server for repository: [repo]
with server log: [/u01/documentum/cs/dba/log/repo.log]
server pid: 5489

 ~]$ iapi
Please enter a docbase name (docubase): repo
Please enter a user (dmadmin):
Please enter password for dmadmin:


        EMC Documentum iapi - Interactive API interface
        (c) Copyright EMC Corp., 1992 - 2012
        All rights reserved.
        Client Library Release 7.0.0130.0537


Connecting to Server using docbase repo
[DM_SESSION_I_SESSION_START]info:  
    "Session 0101ffd780086d00 started for user dmadmin."

Connected to Documentum Server running Release 7.0.0140.0644  Linux.Oracle
Session id is s0
API> ?,c,execute do_method with method='dm_JMSAdminConsole',arguments='>'
...

(1 row affected)

API>

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s