Re: [PCWorks] Sun Java System Active Server Pages Multiple Vulnerabilities

• From: Peter Kaulback <peter@xxxxxxxxxxxxxxxxx>
• To: pcworks@xxxxxxxxxxxxx
• Date: Fri, 06 Jun 2008 17:34:55 -0400

Clint, this has to do with server software which I don't think would be 
very commonly used by anyone here. Maybe your big old tower system is 
the exception? ;)

Peter Kaulback

Clint Hamilton-PCWorks Admin-OrpheusComputing.com & 
ComputersCustomBuilt.com wrote:
> TITLE:
> Sun Java System Active Server Pages Multiple Vulnerabilities
> 
> SECUNIA ADVISORY ID:
> SA30523
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/30523/
> 
> CRITICAL:
> Highly critical
> 
> IMPACT:
> Security Bypass, Manipulation of data, Exposure of system
> information, Exposure of sensitive information, System access
> 
> WHERE:
>>From remote
> 
> SOFTWARE:
> Sun Java System Active Server Pages 4.x
> http://secunia.com/product/15769/
> 
> DESCRIPTION:
> Some vulnerabilities and a security issue have been reported in 
> Sun
> Java System Active Server Pages, which can be exploited by 
> malicious
> users to compromise a vulnerable system, and by malicious 
> people to
> disclose sensitive information, manipulate certain data, bypass
> certain security restrictions, or to compromise a vulnerable 
> system.
> 
> 1) Input passed to an unspecified file included by various ASP
> applications is not properly verified before being used within 
> a
> function to create files. This can be exploited to create or 
> append
> to arbitrary files on the system.
> 
> 2) A security issue is caused due to password and configuration 
> data
> being stored within the application server root directory. This 
> can
> be exploited to disclose sensitive information, e.g. 
> configuration
> data or password hashes.
> 
> 3) An input validation error exists within unspecified ASP
> applications, which can be exploited to disclose the content of
> arbitrary files or delete arbitrary files via specially crafted 
> HTTP
> requests containing directory traversal sequences.
> 
> Successful exploitation of vulnerabilities #1 to #3 requires 
> network
> access to the administration server (port 5100/TCP).
> 
> 4) A boundary error exists in the handling of request within 
> the ASP
> server, which can be exploited to cause a stack-based buffer 
> overflow
> via a specially crafted request.
> 
> Successful exploitation allows execution of arbitrary code.
> 
> 5) Various input to unspecified ASP applications is not 
> properly
> sanitised before being used to execute shell commands. This can 
> be
> exploited to inject and execute arbitrary shell commands via
> specially crafted HTTP requests containing shell 
> meta-characters.
> 
> Successful exploitation requires authenticated access to the
> administration server (but see #6).
> 
> 6) A design error can be exploited to bypass the authentication 
> of
> the administration HTTP server by sending specially crafted 
> requests
> to port 5102/TCP.
> 
> The vulnerabilities are reported in version 4.0.2. Other 
> versions may
> also be affected.
> 
> SOLUTION:
> Update to version 4.0.3
> https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_SMI-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=SJASP-4.0.3-OTH-G-TP@CDS-CDS_SMI
> 
> ORIGINAL ADVISORY:
> Sun:
> http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
> 
> iDefense Labs:
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=705
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=706
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=707
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=708
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=709
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=710
=========================
The list's FAQ's can be seen by sending an email to 
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.

To unsubscribe, subscribe, set Digest or Vacation to on or off, go to 
//www.freelists.org/list/pcworks .  You can also send an email to 
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line.  Your 
member list settings can be found at 
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks .  Once logged in, you have 
access to numerous other email options.  

The list archives are located at //www.freelists.org/archives/pcworks/ .  
All email posted to the list will be placed there in the event anyone needs to 
look for previous posts.

• Follow-Ups:
  • Re: [PCWorks] Sun Java System Active Server Pages Multiple Vulnerabilities
    • From: Clint Hamilton-PCWorks Admin-OrpheusComputing.com & ComputersCustomBuilt.com

• References:
  • [PCWorks] Sun Java System Active Server Pages Multiple Vulnerabilities
    • From: Clint Hamilton-PCWorks Admin-OrpheusComputing.com & ComputersCustomBuilt.com

Other related posts:

• » Re: [PCWorks] Sun Java System Active Server Pages Multiple Vulnerabilities
• » Re: [PCWorks] Sun Java System Active Server Pages Multiple Vulnerabilities

1. Home
2. pcworks
3. Archive
4. 06-2008

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---