SecurityTracker.com
SecurityTracker Archives
Category:   Application (Generic)  >   DFS Web Secure
Vendors:   IBM
IBM DCE Distributed File System (DFS) Web Secure Relative Path Bug Lets Local Users Execute Arbitrary Code on the System With the Privileges of the Web Server
SecurityTracker Alert ID:  1004754
SecurityTracker URL:  http://securitytracker.com/id/1004754
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jul 12 2002
Impact:   Execution of arbitrary code via local system, User access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in the DCE Distributed File System (DFS) Web Secure product for IBM's AIX operating system. A local user may be able to obtain elevated privileges on the system.

It is reported that DFS Web Secure calls system commands without fully qualifying their paths, so each command name is resolved through the PATH search at run time. As a result, a local user can place an alternate binary with the same filename as a common system command in a directory that is searched first, and DFS Web Secure will execute that alternate binary instead of the intended system command. Because the commands run in the context of the web server, the user may be able to obtain elevated privileges on the system.
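The following is an added example, not code from IBM or from this advisory. It shows the defensive side of the bug class described above: an audit helper that lists "exec" calls whose command word is not an absolute path (the kind of search the vendor's temporary fix asks an administrator to perform by hand), plus a preamble that pins PATH so that any remaining unqualified call resolves only against trusted directories. The file paths and the sample script content are constructed for the demonstration; the directory list in harden_path is an assumption about where system binaries live.

```shell
#!/bin/sh
# Added example (not IBM's or SecurityTracker's code).
# Heuristic audit for the relative-path command bug: report every "exec"
# whose first argument does not start with "/". It is a line-oriented
# grep, so it will also flag forms such as "exec 2>&1"; treat hits as a
# review list, not a verdict.

# Print matching lines of FILE with line numbers.
# Exit status: 0 if at least one unqualified exec was found, 1 otherwise.
find_unqualified_execs() {
    grep -nE '(^|[;&| ])exec[[:space:]]+[^/[:space:]]' "$1"
}

# Hardened preamble for a privileged script: replace whatever PATH the
# caller supplied with a fixed list of trusted directories (assumption:
# the platform keeps its system binaries in these locations).
harden_path() {
    PATH=/usr/bin:/bin:/usr/sbin:/sbin
    export PATH
}

# Write a constructed sample script to FILE so the audit has input to scan.
make_sample_script() {
    cat > "$1" <<'EOF'
#!/bin/sh
exec chmod 755 /opt/example/bin/tool            # unqualified: resolved via PATH
exec /usr/bin/chmod 755 /opt/example/bin/tool   # fully qualified
    exec mkdir -p /tmp/example-dir              # unqualified, indented
echo "exec inside a string is ignored" ; exec /bin/ls
EOF
}

# Count the unqualified exec lines in the constructed sample (expected: 2).
count_unqualified() {
    f=$(mktemp)
    make_sample_script "$f"
    n=$(find_unqualified_execs "$f" | wc -l)
    rm -f "$f"
    echo "$n" | tr -d ' '
}

# Stand-alone run: show the flagged lines of the sample script.
sample=$(mktemp)
make_sample_script "$sample"
find_unqualified_execs "$sample" || echo "no unqualified exec calls found"
rm -f "$sample"
```

To audit a real installation, run find_unqualified_execs over each script in the directory the vendor names and replace every flagged command word with its absolute path; harden_path belongs at the top of any script that is executed on behalf of a more privileged account.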

Impact:   A local user may be able to execute code on the system with the privileges of the web server.
Solution:   IBM has issued the following APAR to correct this flaw:

IY29749

Vendor URL:  www-3.ibm.com/software/network/dce/library/redbooks/sg244949/4949c36.htm#htmltop
Cause:   Input validation error
Underlying OS:  UNIX (AIX)

Message History:   None.


Source Message Contents

Subject:  DFS Web Secure, AIX v4 Fix


AIX v4 Fixes:

DCE Distributed File System (DFS) 
DFS Web Secure
http://www-3.ibm.com/software/network/dce/library/redbooks/sg244949/4949c36.htm#htmltop


APAR: IY29749  COMPID: 5639I3500  REL: 310
ABSTRACT: SECURITY HOLE IN DFSWEB CONFIG SCRIPTS

PROBLEM DESCRIPTION:
A security exposure exists in the WebSecure configuration
utilities.  System commands are called with fully qualified
paths.

PROBLEM CONCLUSION:
Made necessary changes to the code

TEMPORARY FIX:
Search the files in /opt/dcelocal/web/bin/install for
"exec" and fully qualify what they will call.

Copyright 2018, SecurityGlobal.net LLC