Kaltura 11.1.0-2 - Remote Code Execution (Metasploit) question

Hi all,

I suspect you are all well aware of the Metasploit in below link:
https://www.exploit-db.com/exploits/40404/

We have looked into this and we came to the conclusion that to be able to use this exploit a hacker would need both root access and localhost access to even be able to start exploiting the above linked exploit. But is this conclusion valid?

We are running a Kaltura version that is not upgradable to the newest version, hence we are trying to do a risk assessment on what the actual risk is. So far it seems like one would need a lot more than just Kaltura access to use this exploit, am I right?

Kind regards,
Ken den Dooop

Hi @kendendoop,

I’m afraid no root access is needed to use this exploit. You just need to make an HTTP request.
You should really upgrade to the latest version, for many reasons, not only security. But to protect against this particular exploit, you can simply remove the file /opt/kaltura/app/alpha/apps/kaltura/modules/keditorservices/actions/redirectWidgetCmdAction.class.php from your server. It shouldn’t be used for anything useful, it’s a leftover from the very early days.

Thanks,

Hi Jess,

We are running 2 very old versions of Kaltura CE (v5 and v6). Both environments are being shut down soon, but until that time we need to minimize the chances that someone penetrates the environments.
We could simply remove the piece of code you mentioned, however due to the fact we are actually running versions “from the very early days” we are not sure whether the code is actually needed.

Can you advise on that?

Hi @kendendoop,

I doubt you’re making any calls to the redirectWidgetCmdAction but you can verify by looking at your Apache access logs.
If you don’t see requests to this action, then it should be fine to remove.
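One way to do the access-log check described above, as an added example that is not from this thread or from Kaltura itself. It assumes Apache's default "combined" log format and that the action's URL contains the string redirectWidgetCmd (the thread only names the class file, so the exact route is an assumption); the log lines are constructed samples.

```python
import re
from collections import Counter

# Apache "combined" log format (assumed; adjust if your vhost uses another LogFormat).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Assumed substring of the action's route; the thread names only the PHP class file.
ACTION_MARKER = "redirectwidgetcmd"

def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_action_hits(lines):
    """Return parsed entries whose request path references the action."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry and ACTION_MARKER in entry["path"].lower():
            hits.append(entry)
    return hits

def summarize(hits):
    """Count hits overall, per client IP and per HTTP status."""
    return {
        "count": len(hits),
        "clients": Counter(h["ip"] for h in hits),
        "statuses": Counter(h["status"] for h in hits),
    }

# Constructed sample lines; not taken from any real server.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Sep/2016:10:00:01 +0000] "GET /index.php/kmc/kmc4 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [01/Sep/2016:10:00:05 +0000] "GET /api_v3/index.php?service=media&action=list HTTP/1.1" 200 2048 "-" "curl/7.47"
198.51.100.7 - - [01/Sep/2016:10:01:12 +0000] "GET /index.php/keditorservices/redirectWidgetCmd HTTP/1.1" 200 512 "-" "python-requests/2.9"
198.51.100.7 - - [01/Sep/2016:10:01:13 +0000] "POST /index.php/keditorservices/redirectWidgetCmd HTTP/1.1" 500 310 "-" "python-requests/2.9"
this line is not a valid access log entry
""".splitlines()

if __name__ == "__main__":
    summary = summarize(find_action_hits(SAMPLE_LOG))
    print(f"{summary['count']} request(s) to the action")
    for ip, n in summary["clients"].most_common():
        print(f"  {ip}: {n}")
```

To run it against a real server, replace SAMPLE_LOG with the lines of /var/log/apache2/access.log (or wherever your vhost logs); a result of zero hits over a representative period supports removing the file.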