SecurityTracker.com
SecurityTracker Archives

Category: Application (Generic) > Unicenter Web Services Distributed Management
Vendors: CA
Unicenter Web Services Distributed Management Discloses Files to Remote Users
SecurityTracker Alert ID: 1016975
SecurityTracker URL: http://securitytracker.com/id/1016975
CVE Reference: CVE-2004-2478
Date: Oct 3 2006
Impact: Disclosure of system information, Disclosure of user information
Fix Available: Yes
Vendor Confirmed: Yes
Exploit Included: Yes
Version(s): 3.1
Description: Computer Associates (CA) reported a vulnerability in Unicenter Web Services Distributed Management (WSDM). A remote user can read files on the target system.

Version 3.1 bundles a version of the Jetty web server with a known directory traversal flaw (SecurityFocus BID 11330, CVE-2004-2478). Jetty does not properly canonicalize the request path before mapping it onto the filesystem: as the demonstration URL below shows, a '..' sequence joined with backslashes rather than forward slashes is passed through, and the Windows path layer then honours the backslashes and resolves the request to a file outside the web root. A remote user who can reach the WSDM HTTP listener (port 8282 in the example) can therefore read any file on the partition where WSDM is installed that the web server process itself can read.

A demonstration exploit URL is provided:

http://[target]:8282/..\..\..\..\boot.ini

Oliver Karow and Richard Sammet of Symantec discovered this vulnerability.
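The description above is the whole mechanism: a traversal check that only understands '/' as a separator lets a backslash-joined '..' sequence through, and the Windows filesystem then honours the backslashes. The following Python is an added example, not code from CA, Jetty, Symantec or SecurityTracker, and it models the class of mistake rather than reproducing Jetty's actual code; the web root path and the access-log lines are constructed for it. It contrasts the weak mapping with a lexical canonicaliser that treats both separators alike (and also refuses NUL bytes and drive-prefix segments, which the page does not mention), and scans the constructed log lines for requests the canonicaliser would refuse, which is the check a defender would run over proxy or WSDM access logs for the 8282 listener.

```python
"""Added example for this advisory; it is not CA's or Jetty's code.

It reproduces the class of mistake behind the traversal (a '..' check that
only understands '/' as a separator, while the Windows path layer also
honours '\\'), shows a lexical canonicaliser that closes it, and scans a few
constructed access-log lines for requests the canonicaliser would reject.
The install path and log lines are constructed for the example.
"""
import ntpath
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Hypothetical web root of a WSDM install on a Windows host (assumption).
DOCROOT = r"C:\Program Files\CA\WSDM\webapp"


def weak_map(url_path: str) -> Optional[str]:
    """Weak mapping: reject '..' only when delimited by '/', then hand the
    remainder to the OS path layer.  ntpath is used so the Windows resolution
    can be reproduced on any platform."""
    decoded = unquote(url_path)
    if any(seg == ".." for seg in decoded.split("/")):
        return None
    # '..\\..\\..\\..\\boot.ini' is a single '/'-segment, so it survives the
    # check, and the backslashes are honoured once the path reaches the OS.
    return ntpath.normpath(ntpath.join(DOCROOT, decoded.lstrip("/")))


def canonical_segments(url_path: str) -> Optional[List[str]]:
    """Canonicalise a request path lexically, before it touches the filesystem.

    Both '/' and '\\' are separators; '' and '.' segments are dropped; '..'
    pops the previous segment.  Returns None (reject the request) if a '..'
    would climb above the web root, if the path carries a NUL byte, or if a
    segment looks like a drive prefix ('C:'), which ntpath treats as absolute.
    """
    decoded = unquote(url_path)
    if "\x00" in decoded:
        return None
    stack: List[str] = []
    for seg in re.split(r"[/\\]", decoded):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not stack:
                return None
            stack.pop()
            continue
        if ":" in seg:
            return None
        stack.append(seg)
    return stack


def safe_map(url_path: str) -> Optional[str]:
    """Map a request path under DOCROOT, or return None if it must be refused."""
    segs = canonical_segments(url_path)
    if segs is None:
        return None
    return ntpath.join(DOCROOT, *segs) if segs else DOCROOT


# Common Log Format: client ident user [time] "METHOD target PROTO" status size
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample log; the second and third lines are traversal attempts.
SAMPLE_LOG = """\
192.168.50.31 - - [03/Oct/2006:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1234
192.168.50.31 - - [03/Oct/2006:10:00:02 +0000] "GET /..\\..\\..\\..\\boot.ini HTTP/1.1" 200 312
10.0.0.7 - - [03/Oct/2006:10:00:03 +0000] "GET /%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt/repair/sam HTTP/1.1" 404 0
10.0.0.9 - - [03/Oct/2006:10:00:04 +0000] "GET /images/../index.html HTTP/1.1" 200 1234
"""


def traversal_attempts(log_text: str) -> List[Tuple[str, str, int]]:
    """Return (client, request target, status) for every logged request whose
    path, once decoded and canonicalised, escapes or cannot be mapped under
    the web root.  A 200 on such a line means the server served the file."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        client, _method, target, status = m.groups()
        path = target.split("?", 1)[0]       # ignore any query string
        if canonical_segments(path) is None:
            hits.append((client, target, int(status)))
    return hits


if __name__ == "__main__":
    demo = "/..\\..\\..\\..\\boot.ini"
    print("weak :", weak_map(demo))          # escapes to C:\boot.ini
    print("safe :", safe_map(demo))          # None: refused
    for client, target, status in traversal_attempts(SAMPLE_LOG):
        print(f"{client} requested {target} -> HTTP {status}")
```

The canonicaliser works on the decoded path purely lexically, so the decision to refuse a request is made before any filesystem call and does not depend on which OS the server runs on; that is the property the weak variant lacks, since it delegates the meaning of '\' to the platform. The log scan treats a refused path as an attempt regardless of status code, because a 404 on an unpatched host still shows someone probing.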

Impact:   A remote user can view files on the target system.
Solution: The vendor addressed the issue in Unicenter WSDM 3.11, released in December 2004, nearly two years before this October 2006 notice; installations still running 3.1 should be upgraded to 3.11 or later. To confirm the version in use, check the downloaded package name: files named CAWSDM_3_1.xxx indicate an affected 3.1 install.

The CA advisory is available at:

http://supportconnectw.ca.com/public/ca_common_docs/wsdmvuln_notice.asp

Vendor URL: supportconnectw.ca.com/public/ca_common_docs/wsdmvuln_notice.asp
Cause:   Input validation error
Underlying OS:  Linux (Red Hat Enterprise), Linux (SuSE), UNIX (Solaris - SunOS), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability

Title: CAID 34661: CA Unicenter WSDM File System Read Access Vulnerability

CA Vulnerability ID (CAID): 34661

CA Advisory Date: 2006-10-03

Discovered By: 
Oliver Karow, Symantec Security Consultant
oliver_karow at symantec dot com
Richard Sammet, Symantec Security Consultant
richard_sammet at symantec dot com

Impact: Remote attacker can access sensitive information.

Summary: Unicenter Web Services Distributed Management 3.1 uses a known vulnerable version of Jetty WebServer, an open source Java web server. An advisory describing the Jetty WebServer vulnerability can be found at http://www.securityfocus.com/bid/11330. The vulnerability allows a remote attacker to gain full read access to the file system of the install partition on the Unicenter WSDM host system through a directory traversal attack [e.g. http://192.168.50.31:8282/..\..\..\..\boot.ini].

Mitigating Factors: This is an older vulnerability that was addressed in December 2004 with the release of Unicenter Web Services Distributed Management (WSDM) 3.11.

Severity: CA has given this vulnerability a Medium risk rating.

Affected Products:
CA Unicenter Web Services Distributed Management (WSDM) 3.1

Affected platforms:
Red Hat Linux
Solaris
SUSE Linux
Microsoft Windows

Status and Recommendation:
This vulnerability was addressed in December 2004 with the release of Unicenter Web Services Distributed Management (WSDM) 3.11. Customers using Unicenter WSDM 3.1 should upgrade to WSDM 3.11 or later through the CA SupportConnect web site at http://supportconnect.ca.com.

Determining if you are affected:
The WSDM version in use can be determined by viewing the downloaded package name. Search for files named CAWSDM_3_1.xxx.

References (URLs may wrap): 
CA SupportConnect:
http://supportconnect.ca.com/
CA SupportConnect Security Notice for this vulnerability:
Important Security Notice for CA Unicenter WSDM (File System Read Access Vulnerability)
http://supportconnectw.ca.com/public/ca_common_docs/wsdmvuln_notice.asp
CAID: 34661
CAID Advisory link: 
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34661
Discoverer: Symantec
http://www.symantec.com
CVE Reference: CVE-2004-2478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2478
OSVDB Reference: OSVDB ID: 10490
http://osvdb.org/10490

Changelog for this advisory:
v1.0 - Initial Release

Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory, please send email to vuln@ca.com, or contact me directly.

If you discover a vulnerability in CA products, please report your findings to vuln@ca.com, or utilize our "Submit a Vulnerability" form.
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx


Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research

CA, One Computer Associates Plaza. Islandia, NY 11749








Copyright 2021, SecurityGlobal.net LLC