Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] [AppSecInc Advisory WEBSP05-V0098] Remote Buffer overf

from [Team SHATTER] Network Security [Permanent Link]
Subject: [Full-disclosure] [AppSecInc Advisory WEBSP05-V0098] Remote Buffer overflow in WebSphere Application Server Administrative Console
Date: Tue, 07 Jun 2005 15:31:07 -0400 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Remote Buffer overflow in WebSphere Application Server Administrative
Console

AppSecInc Team SHATTER Security Advisory WEBSP05-V0098
http://www.appsecinc.com/resources/alerts/general/WEBSPHERE-001.html
June 07, 2005

Risk level: HIGH

Credits: This vulnerability was discovered and researched by Esteban
Martínez Fayó of Argeniss for Application Security Inc.

Affected Versions:
IBM WebSphere Application Server 5.0

Background:
The Administrative Console is a web-based tool used to manage the IBM
WebSphere Application Server administrative server. The Administrative
Console supports a full range of product administrative activities.

Details:
There is a Unicode buffer overflow in the WebSphere Application Server
Administrative Console. The security vulnerability exists in the
authentication mechanism. The authentication process takes place only
when the 'global security option' is enabled in the server. The
vulnerability can not be exploited if the security option is disabled.
The default TCP ports where this vulnerability can be exploited
include 9080 (HTTP), 9090 (HTTP) and 9043 (HTTPS).

Impact:
Unauthenticated attackers may execute arbitrary code in the context of
the server process.

Workaround:
There is no workaround. The attack surface can be reduced by denying
access to untrusted users on TCP ports 9080, 9090 and 9043.

Vendor Status:
Vendor was contacted and a patch was released.

Fix:
Apply the WebSphere Application Server 5.0.2 Cumulative Fix 11. The
patch can be found here:
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24009775

Links:
Application Security, Inc advisory:
http://www.appsecinc.com/resources/alerts/general/WEBSPHERE-001.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
 
iD8DBQFCpfX7/0w1dSVRt4URAsACAJoDG9TGi30QNOUFYv2VAdg9GaoVrQCgwBPd
e03smGG+fj/kGkJ2Ns1d6EE=
=C3Fq
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] [AppSecInc Advisory WEBSP05-V0098] Remote Buffer overflow in WebSphere Application Server Administrative Console, Team SHATTER <=
Previous by Date:  [Full-disclosure] LutelWall <= 0.97 insecure temporary file creation, ZATAZ Audits
Next by Date:  [Full-disclosure] IpSwitch IMAP Server LOGON stack overflow, nolimit
Previous by Thread:  [Full-disclosure] LutelWall <= 0.97 insecure temporary file creation, ZATAZ Audits
Next by Thread:  [Full-disclosure] IpSwitch IMAP Server LOGON stack overflow, nolimit
Indexes:  [Date] [Thread] [Top] [All Lists]