[NEWS] PeopleSoft Control-J Information Disclosure

From: SecuriTeam (support_at_securiteam.com)
Date: 10/19/03

    To: list@securiteam.com
    Date: 19 Oct 2003 17:56:59 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

      PeopleSoft Control-J Information Disclosure
    ------------------------------------------------------------------------

    SUMMARY

    <Control><J> is a hot key used by everyone who helps troubleshoot issues
    within the PIA or Portal environment. Since PeopleTools 8.1x,
    <Control><J> displays information such as: the browser and its version,
    the name of the operating system, the PeopleTools version, the
    application type and its version, the Service Pack number, the current
    Menu name, the current Component name, the current Page name, the UserID
    of the logged-in user, the name of the database logged into, the
    database platform, and the IP of the Application Server.

    Although most of this information may seem harmless, some of it is
    considered too sensitive to share with the whole user community. The
    following information should be hidden from users: the UserID of the
    logged-in user, the name of the database logged into, the database
    platform, and the IP of the Application Server.

    DETAILS

    Vulnerable systems:
     * PeopleSoft version 8.42

    Vendor Solution:
    The Control-J behavior is changed by editing the following line in
    configuration.properties:

    # If set to true, the database name and other potentially sensitive
    # connection information will appear in the HTML generated for use in
    # a help display.
    # Default: true

    connectionInformation=true

    Setting this value to false hides the security-related information from
    CTRL-J, and the HTML object PT_INFOPAGE is displayed:
    Browser IE/6.0
    Operating System WINNT
    Browser Compression ON (gzip)
    Tools Release 8.42.01
    Application Release HRMS 8.80.00.000
    Service Pack 0
    Page NID_LOOKUP
    Component NID_LOOKUP
    Menu ADMINISTER_WORKFORCE_(GBL)

    If connectionInformation=true, the following HTML object
    PT_INFOPAGECONNECT is displayed:
    Browser IE/6.0
    Operating System WINNT
    Browser Compression ON (gzip)
    Tools Release 8.42.01
    Application Release HRMS 8.80.00.000
    Service Pack 0
    Page NID_LOOKUP
    Component NID_LOOKUP
    Menu ADMINISTER_WORKFORCE_(GBL)
    User ID PS
    Database Name HRMS
    Database Type MICROSFT
    Application Server //127.0.0.1:9000

    Further, the actual HTML objects can be modified to restrict display of
    sensitive objects. Please note that this is a customization to a delivered
    PeopleTools object and will require special attention when applying
    PeopleTools patches and upgrades.
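
An audit check for the setting described above, added here as an example and not part of the original advisory or of PeopleTools. The function names are hypothetical, the sample inputs are constructed from the lines quoted in the advisory, and treating any value other than an explicit "false" as exposing is a conservative assumption rather than PeopleSoft's documented parsing.

```python
import re

# Fields the advisory says to hide, labelled as in its PT_INFOPAGECONNECT sample.
SENSITIVE_LABELS = ("User ID", "Database Name", "Database Type", "Application Server")

def connection_information(properties_text):
    """Effective connectionInformation value; True means details are shown.

    Absent key -> True (the default the file's comment states). Last
    assignment wins. Anything other than an explicit "false" is reported
    as True: a conservative audit assumption, not PeopleSoft's parser.
    """
    value = "true"
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or comment
            continue
        m = re.match(r"([^=:\s]+)\s*[=:\s]\s*(.*)$", line)
        if m and m.group(1) == "connectionInformation":
            value = m.group(2).strip()
    return value.lower() != "false"

def leaked_fields(info_page_text):
    """Sensitive labels present in text captured from the Control-J page."""
    found = []
    for line in info_page_text.splitlines():
        for label in SENSITIVE_LABELS:
            if line.strip().startswith(label + " ") and label not in found:
                found.append(label)
    return found

# Constructed inputs: the properties line and the tail of the sample
# output quoted in the advisory.
SAMPLE_PROPERTIES = "# Default: true\nconnectionInformation=true\n"
SAMPLE_PAGE = """Menu ADMINISTER_WORKFORCE_(GBL)
User ID PS
Database Name HRMS
Database Type MICROSFT
Application Server //127.0.0.1:9000"""

if __name__ == "__main__":
    print("connection details shown:", connection_information(SAMPLE_PROPERTIES))
    print("sensitive fields on page:", leaked_fields(SAMPLE_PAGE))
```

Run the first check against each web server's configuration.properties and the second against text saved from the Control-J page after the change, so a file that was edited but not picked up still shows as exposing.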

    Vendor status:
    3 June 03 PeopleSoft contacted
    3 June 03 PeopleSoft confirms
    24 June 03 PeopleSoft teleconference
    19 July 03 PeopleSoft posts to Customer Connection

    ADDITIONAL INFORMATION

    The information has been provided by Barrett McGuire, Larry Wargo, and
    Matt Fotter.
