[NEWS] WebSphere Application Server Administrative Console Buffer Overflow

• Previous message: SecuriTeam: "[UNIX] xmysqladmin Insecure Temporary File Creation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: list@securiteam.com
Date: 12 Jun 2005 11:10:18 +0200

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

  WebSphere Application Server Administrative Console Buffer Overflow
------------------------------------------------------------------------

SUMMARY

"The Administrative Console is a web-based tool used to manage the IBM
WebSphere Application Server administrative server. The Administrative
Console supports a full range of product administrative activities."

A buffer overflow in the WebSphere Application Server Administrative
Console allows attackers to execute arbitrary code from remote.

DETAILS

Vulnerable Systems:
 * IBM WebSphere Application Server 5.0

Immune Systems:
 * IBM WebSphere Application Server 5.0.2.11

There is a buffer overflow in the WebSphere Application Server
Administrative Console. The security vulnerability exists in the
authentication mechanism. The authentication process takes place only when
the 'global security option' is enabled in the server. The vulnerability
can not be exploited if the security option is disabled. The default TCP
ports where this vulnerability can be exploited include 9080 (HTTP), 9090
(HTTP) and 9043 (HTTPS).

Exploitation of this vulnerability allows unauthenticated attackers to
execute arbitrary code with the context of the server process.

Workaround:
The attack surface can be reduced by denying access to untrusted users on
TCP ports 9080, 9090 and 9043.

Patch Availability:
Apply the WebSphere Application Server 5.0.2 Cumulative Fix 11. The patch
can be found here:
<http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24009775>
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24009775.

ADDITIONAL INFORMATION

The information has been provided by <mailto:shatter@appsecinc.com> Team
SHATTER.
The original article can be found at:
<http://www.appsecinc.com/resources/alerts/general/WEBSPHERE-001.html>
http://www.appsecinc.com/resources/alerts/general/WEBSPHERE-001.html

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

• Previous message: SecuriTeam: "[UNIX] xmysqladmin Insecure Temporary File Creation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]