vulnerability to a remote code execution exploit using the ysoserial tool in conjunction with the BeanShell1 gadget.

  • 7018388
  • 13-Dec-2016
  • 13-Dec-2016

Environment

NetIQ Sentinel versions 7.3.4, 7.4.3 & 8.0

Situation

Sentinel is vulnerable to a remote code execution exploit using the ysoserial tool in conjunction with the BeanShell1 gadget.

Resolution

Add following line to /etc/opt/novell/sentinel/config/deserialization-blacklist.conf

bsh.XThis

E.g. echo “bsh.XThis” >> /etc/opt/novell/sentinel/config/deserialization-blacklist.conf

restart the sentinel service