Remote-access Guide

bomgar remote access portal exploit

by Ernestine Russel II Published 2 years ago Updated 2 years ago

How to execute arbitrary PHP code in Bomgar remote support?

By providing a specially crafted PHP serialized object, it is possible to write arbitrary data to arbitrary files. This effectively allows the execution of arbitrary PHP code in the context of the Bomgar Remote Support system user. To exploit the vulnerability, a valid Logging Session ID (LSID) is required.

Is Bomgar the same as BeyondTrust?

Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise. Bomgar Is Now BeyondTrust, but Some Things Haven't Changed. New Name, Same Leading Support Software. Bomgar is still the most secure remote support software in the world.


Vulnerability Details

The PHP function unserialize allows the creation of objects of any loaded class, with arbitrary attributes of almost arbitrary types, directly from the serialized input and without any validation of the class or its attributes.

Exploitation

The most challenging part of exploiting such a vulnerability is finding appropriate classes whose magic methods (such as __wakeup or __destruct) have side effects beneficial for an attacker. Exploitability therefore depends solely on the classes available in the application: if no class with a beneficial effect is available, the deserialization is not exploitable.

Additional Information on Exploitation

If the document root location of the web server is unknown, one can utilize PHP's autoload functionality, which allows the inclusion of a '*.php' file from any location as long as the path can be expressed in a class name with '_' instead of '/'.
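The two weaknesses described above (unrestricted unserialize and an autoloader that turns a class name into a file path) each have a standard mitigation. The following PHP script is an added example written for this page; it is not code from the Bomgar/BeyondTrust product or from the original advisory. It assumes PHP 8 or later, a hypothetical class-name prefix 'App_' and a hypothetical class directory 'lib/' beneath the script; the serialized inputs at the bottom are constructed for the demonstration.

```php
<?php
// Added example (not from the page or from Bomgar/BeyondTrust): defensive
// handling of serialized input and a path-confined autoloader.
declare(strict_types=1);

// Control 1: never let untrusted bytes instantiate arbitrary classes.
// allowed_classes => false (PHP 7.0+) turns every object in the input into
// __PHP_Incomplete_Class, so no __wakeup()/__destruct() of a real class runs.
function safeUnserialize(string $untrusted): mixed
{
    $value = @unserialize($untrusted, ['allowed_classes' => false]);
    if ($value === false && $untrusted !== serialize(false)) {
        throw new InvalidArgumentException('malformed serialized data');
    }
    return $value;
}

// Stricter still: reject input that contains any object at all. Session
// records and API payloads should be plain scalars/arrays; json_decode()
// is the usual replacement for unserialize() in that situation.
function containsObject(mixed $value): bool
{
    if (is_object($value)) {
        return true;
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            if (containsObject($item)) {
                return true;
            }
        }
    }
    return false;
}

// Control 2: an autoloader that only maps class names matching a strict
// pattern to files below one fixed directory, so a class name can never be
// turned into an arbitrary path. BASE_DIR and the 'App_' prefix are assumed.
const BASE_DIR = __DIR__ . '/lib';

function resolveClassFile(string $class): ?string
{
    // Expected vendor prefix, then letter/digit segments joined by '_'.
    if (!preg_match('/^App_[A-Za-z0-9]+(?:_[A-Za-z0-9]+)*$/', $class)) {
        return null;
    }
    $candidate = BASE_DIR . '/' . str_replace('_', '/', $class) . '.php';
    $real = realpath($candidate);       // false if the file does not exist
    $baseReal = realpath(BASE_DIR);
    // Enforce containment even after symlink resolution.
    if ($real === false || $baseReal === false
        || strncmp($real, $baseReal . DIRECTORY_SEPARATOR, strlen($baseReal) + 1) !== 0) {
        return null;
    }
    return $real;
}

spl_autoload_register(function (string $class): void {
    $file = resolveClassFile($class);
    if ($file !== null) {
        require $file;
    }
});

// Demonstration with constructed inputs (stdClass only; no real gadget classes).
$serializedObject = 'O:8:"stdClass":1:{s:4:"role";s:5:"admin";}';  // constructed
$decoded = safeUnserialize($serializedObject);
var_dump($decoded instanceof __PHP_Incomplete_Class); // bool(true)
var_dump(containsObject($decoded));                    // bool(true): reject it

$serializedArray = serialize(['lsid' => 'example', 'n' => 3]);      // constructed
$plain = safeUnserialize($serializedArray);
var_dump(containsObject($plain));                      // bool(false): safe to use

var_dump(resolveClassFile('App_Http_Request'));  // path under lib/, or NULL if absent
var_dump(resolveClassFile('Other_Http/Request')); // NULL: prefix and characters rejected
```

The first control removes the attacker's choice of class, which is the precondition the Exploitation section describes; the second removes the ability to steer the autoloader to a file outside the class directory, which is the fallback technique mentioned when the document root is unknown. Prefer replacing unserialize() with json_decode() outright where the data format permits it.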

Course of events and 'cooperation' with Bomgar

The whole process of the disclosure of this vulnerability took longer than expected: The initial report submission of the vulnerability to US CERT was on 2014-11-14. They instantly replied that they wanted me to first contact Bomgar directly.

The Only Remote Support Tool You'll Need

Bomgar is still the most secure remote support software in the world, only now it's called BeyondTrust Remote Support. Remote Support enables help desk teams to quickly and securely access and fix any remote device anywhere, on any platform, with a single solution.

If You Don't Love Your Remote Support Tool... There's Hope!

For technical support teams within mid-to-large enterprise organizations, choosing the right remote support solution is pivotal to the productivity and security of your service desk. If you've got inadequate tools, well, nothing makes a hard job harder.

Remote Support Highlighted Features

Provide fast remote assistance to any desktop, server, or mobile device, with screen sharing and remote control, anytime, from anywhere.

The True Cost of Free Remote Support Software

Check out this free whitepaper that explores the cost of free and basic remote support tools, and how solutions like Bomgar Remote Support can foster your remote support security posture – without sacrificing productivity.

Solutions Designed with Security at the Forefront

Bomgar's Remote Support solution allows organizations to improve security and productivity with a product that is easy to use and enables role-based access to specific systems. Admins can define session parameters, such as access time frames, required approvals, and permitted features, to maintain control of access.
