A security flaw has been found in JBoss Enterprise SOA Platform that malicious users can exploit to add, delete and modify entries in the JNDI tree, with application-specific consequences.
Package:
JBoss Enterprise SOA Platform 4.x
Operating systems:
Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
Severity:
4.4
Problem:
missing access control (unauthenticated remote write access to the JNDI service)
Exploitation:
remote
Consequence:
data modification
Solution:
vendor software patch
CVE:
CVE-2011-4605
Original advisory ID:
RHSA-2012:1295-01
Source:
Red Hat
Problem:
The flaw exists because the default configuration of the JBoss JNDI service grants remote write access without any authentication or authorization check. The JNDI service, the HA-JNDI service and the HAJNDIFactory invoker servlet are all affected.
Consequence:
A remote attacker who can reach the JNDI service (port 1099), the HA-JNDI service (port 1100) or the HAJNDIFactory invoker servlet on a JBoss server can exploit the flaw to add, delete and modify entries in the JNDI tree. Since applications resolve data sources, EJBs and other services by JNDI name, rebinding an entry changes what those lookups return, so the actual impact depends on the deployed applications.
Solution:
Users are advised to install the vendor update (JBoss Enterprise SOA Platform 4.2.0.CP05 / 4.3.0.CP05). Until it is applied, restrict network access to ports 1099 and 1100 and to the invoker servlet to trusted hosts only.
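The following probe is an added example, not code from this advisory, from CERT or from Red Hat. It checks whether a JBoss 4.x JNDI endpoint still accepts unauthenticated remote writes by binding and immediately unbinding a harmless string under a probe name, so the tree is left unchanged. It assumes the JNP client classes from the JBoss distribution (jbossall-client.jar) are on the classpath; the host name, the probe entry name and the invoker servlet path are assumptions and must be adjusted to the target. Run it only against systems you are authorised to test.

```java
// Added example (not from the advisory): probes a JBoss 4.x server for
// unauthenticated remote JNDI write access (CVE-2011-4605).
// Assumes jbossall-client.jar (org.jnp.* / org.jboss.naming.*) on the classpath.
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.naming.NoPermissionException;

public class JndiWriteProbe {

    /** Endpoints named in the advisory: JNDI (1099) and HA-JNDI (1100). */
    static String[] jnpUrls(String host) {
        return new String[] { "jnp://" + host + ":1099", "jnp://" + host + ":1100" };
    }

    /**
     * Binds and immediately unbinds a harmless string under a probe name.
     * Returns true only if the server accepted the write, i.e. the endpoint
     * is unpatched or has not been restricted to read-only access.
     */
    static boolean remoteWriteAllowed(String factory, String providerUrl) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, factory);
        env.put(Context.PROVIDER_URL, providerUrl);
        String probeName = "cve-2011-4605-probe"; // assumed name, chosen not to collide
        Context ctx = null;
        try {
            ctx = new InitialContext(env);
            ctx.bind(probeName, "probe");
            ctx.unbind(probeName);            // leave the JNDI tree as we found it
            return true;
        } catch (NoPermissionException e) {
            return false;                     // write rejected: patched or read-only
        } catch (NamingException e) {
            // connection refused, timeout, unknown host: not a positive finding
            System.err.println(providerUrl + ": " + e.getMessage());
            return false;
        } finally {
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }

    public static void main(String[] args) {
        String host = args.length > 0 ? args[0] : "jboss.example.internal"; // assumed host
        for (String url : jnpUrls(host)) {
            boolean open = remoteWriteAllowed("org.jnp.interfaces.NamingContextFactory", url);
            System.out.println(url + " -> " + (open ? "UNAUTHENTICATED WRITE ALLOWED" : "write denied or unreachable"));
        }
        // The servlet path below is an assumption about a default deployment;
        // adjust it to where HAJNDIFactory is mapped on the target.
        String httpUrl = "http://" + host + ":8080/invoker/HAJNDIFactory";
        boolean open = remoteWriteAllowed("org.jboss.naming.HttpNamingContextFactory", httpUrl);
        System.out.println(httpUrl + " -> " + (open ? "UNAUTHENTICATED WRITE ALLOWED" : "write denied or unreachable"));
    }
}
```

Only a successful bind counts as a finding: a connection failure or any other NamingException is reported on stderr and treated as "not writable", so a filtered port is not mistaken for a patched server. After applying the vendor update, re-run the probe against all three endpoints; a read-only JNDI service should reject the bind.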
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: JBoss Enterprise SOA Platform 4.2.0.CP05 and
4.3.0.CP05 update
Advisory ID: RHSA-2012:1295-01
Product: JBoss Enterprise Middleware
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1295.html
Issue date: 2012-09-19
CVE Names: CVE-2011-4605
=====================================================================
1. Summary:
An update for JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 that
fixes one security issue is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
2. Description:
JBoss Enterprise SOA Platform is the next-generation ESB and business
process automation infrastructure. JBoss Enterprise SOA Platform allows IT
to leverage existing (MoM and EAI), modern (SOA and BPM-Rules), and future
(EDA and CEP) integration methodologies to dramatically improve business
process execution speed and quality. The Java Naming and Directory
Interface (JNDI) Java API allows Java software clients to locate objects or
services in an application server.
It was found that the JBoss JNDI service allowed unauthenticated, remote
write access by default. The JNDI and HA-JNDI services, and the
HAJNDIFactory invoker servlet were all affected. A remote attacker able to
access the JNDI service (port 1099), HA-JNDI service (port 1100), or the
HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add,
delete, and modify items in the JNDI tree. This could have various,
application-specific impacts. (CVE-2011-4605)
Red Hat would like to thank Christian SchlÄ