APC PowerChute May Install a Vulnerable Version of JRE
|
|
SecurityTracker Alert ID: 1015643
|
|
SecurityTracker URL: http://securitytracker.com/id?1015643
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Feb 17 2006
|
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): Business Edition 7.x; Network Shutdown 2.2.x and later
|
Description: A vulnerability was reported in APC PowerChute Business Edition and PowerChute Network Shutdown. The software may install a vulnerable version of Sun JRE that allows a remote user to gain privileges on the target system.
A remote user can create a specially crafted Java application that, when loaded by the target user, will gain elevated privileges.
The application may be able to read and write files or execute applications on the target user's system.
This can be exploited
if the APC-installed JRE is associated with the system's web browser or is included in the standard Java execution path [not the
default configuration].
The following versions are affected:
PowerChute Business Edition 7.x for Windows, Linux, and Solaris
PowerChute
Network Shutdown 2.2.x and later
|
Impact: A remote user may be able to read and write files or execute applications on the target user's system with the privileges of the target user.
|
Solution: The vendor plans to include a patched version of JRE in the next regularly scheduled product update.
The vendor has provided the
following workaround instructions [quoted]:
For PowerChute Business Edition 7.x customers:
Download and apply the JRE update
patch available on APC s website at http://www.apc.com/tools/download to all machine running the PCBE agent or server.
For PowerChute
Network Shutdown 2.2.x customers:
For APC installed JREs:
1. Ensure that APC installed JREs are not associated with the local
system s web browser and not included in the standard Java execution path.
For PCNS, the JRE is copied to the following directory
and its path is specified in the registry or start up script as follows:
Windows
Installed dir::C:\Program Files\jvm
Registry:data
path in my computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PowerChuteNetShut\Parameters\Application
Windows x64:
Installed
dir::C:\Program Files (x86)\jvm
Registry:data path in my computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PowerChuteNetShut\Parameters\Application
Linux:
Installed dir::/usr/local/bin/jvm
startup script:the Java path at 9th line of <PCNS installed dir>/powerchute.sh
Solaris:
Installed
dir::/usr/bin/jvm
startup script:Java path right after nohup at 9th line of <PCNS installed dir>/powerchute.sh.
For system
installed JREs:
1. Update all vulnerable system installed JREs to a patched version according to Sun s recommendations [1].
2.
Uninstall PowerChute Network Shutdown
3. Reinstall PowerChute Network Shutdown
If it s necessary to remove APC installed JREs,
follow the steps below:
For PowerChute Network Shutdown 2.2.x customers:
1. Uninstall PowerChute Network Shutdown
2. Install
JREs to a patched version according to Sun s recommendations [1].
3. Reinstall PowerChute Network Shutdown
The APC security
advisory is available at:
http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=7638
The original Sun advisory
is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1
|
Vendor URL: nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=7638 (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Linux (Any), UNIX (Solaris - SunOS), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 17 Feb 2006 08:22:27 -0500
Subject: APC Security Advisory - Java Runtime Environment Unsigned Applet Privilege Escalation
|
http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=7638
|
|
