Category:   Application (Directory)  >   Red Hat Directory Server Vendors:   Red Hat
Red Hat Directory Server Unsafe IDM Console Script Access Controls Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1019677
SecurityTracker URL:  http://securitytracker.com/id/1019677
CVE Reference:   CVE-2008-0889   (Links to External Site)
Date:  Mar 19 2008
Impact:   Execution of arbitrary code via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8.0
Description:   A vulnerability was reported in Red Hat Directory Server. A local user can obtain elevated privileges on the target system.

The package installs the redhat-idm-console startup script with insecure permissions. A local user can modify the script so that arbitrary code is executed with the privileges of whichever user later runs Red Hat Management Console.

Doncho N. Gunchev reported this vulnerability.

Impact:   A local user can obtain elevated privileges on the target system.
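The weakness is a startup script that a privileged user executes but that other local users can write to. The following audit helper is an added example, not part of this alert or of Red Hat's advisory; it assumes a Linux host with GNU stat, and the script path is a placeholder, since the advisory does not state it.

```shell
#!/bin/sh
# Added audit helper (not from the advisory): detects the weakness behind
# CVE-2008-0889, a startup script that a privileged user executes but that
# other local users can modify. Linux-only (GNU `stat -c`).
# The path is an assumption for illustration; the advisory does not state it.
SCRIPT_PATH="${SCRIPT_PATH:-/usr/bin/redhat-idm-console}"

# check_script_perms FILE [OWNER_UID]
# Returns 0 when FILE is owned by OWNER_UID (default 0, root), is not writable
# by group or others, and no parent directory is writable by group or others
# without the sticky bit (which would let a local user replace the file).
# Returns 1 when a problem is found, 2 when FILE is missing.
check_script_perms() {
    f="$1"; want_uid="${2:-0}"
    [ -f "$f" ] || { echo "MISSING: $f"; return 2; }
    set -- $(stat -c '%a %u' "$f")       # octal mode, owner uid
    mode=$1; uid=$2
    if [ "$uid" -ne "$want_uid" ]; then
        echo "INSECURE: $f is owned by uid $uid, expected $want_uid"; return 1
    fi
    # Treat the octal string as decimal digits: "other" is the last digit,
    # "group" the second last; bit 2 in either is a write permission.
    if [ $(( ((mode / 10) % 10 | mode % 10) & 2 )) -ne 0 ]; then
        echo "INSECURE: $f is group/world writable (mode $mode)"; return 1
    fi
    # Walk up the directory chain: a writable parent without the sticky bit
    # lets an unprivileged user rename or replace the script itself.
    d=$(dirname "$f")
    while [ "$d" != "/" ] && [ "$d" != "." ]; do
        dmode=$(stat -c '%a' "$d")
        writable=$(( ((dmode / 10) % 10 | dmode % 10) & 2 ))
        sticky=$(( (dmode / 1000) % 10 & 1 ))
        if [ "$writable" -ne 0 ] && [ "$sticky" -eq 0 ]; then
            echo "INSECURE: parent $d is writable by others (mode $dmode)"; return 1
        fi
        d=$(dirname "$d")
    done
    echo "OK: $f (mode $mode, uid $uid)"
    return 0
}

# Audit the console script if it is present on this host (skipped otherwise).
if [ -e "$SCRIPT_PATH" ]; then
    check_script_perms "$SCRIPT_PATH"
fi
```

A non-zero result means the fixed vendor package should be installed, or the script's owner and mode corrected, before anyone runs the console from that host.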
Solution:   Red Hat has issued a fixed redhat-idm-console package for Red Hat Directory Server.

Red Hat Directory Server 8.0 (for AS v. 4):

Source:
ftp://updates.redhat.com/enterprise/4AS/en/RHDirServ/SRPMS/redhat-idm-console-1.0.0-22.el4idm.src.rpm

i386:
redhat-idm-console-1.0.0-22.el4idm.i386.rpm
redhat-idm-console-debuginfo-1.0.0-22.el4idm.i386.rpm

x86_64:
redhat-idm-console-1.0.0-22.el4idm.x86_64.rpm
redhat-idm-console-debuginfo-1.0.0-22.el4idm.x86_64.rpm

Red Hat Directory Server 8.0 (for ES v. 4):

Source:
ftp://updates.redhat.com/enterprise/4ES/en/RHDirServ/SRPMS/redhat-idm-console-1.0.0-22.el4idm.src.rpm

i386:
redhat-idm-console-1.0.0-22.el4idm.i386.rpm
redhat-idm-console-debuginfo-1.0.0-22.el4idm.i386.rpm

x86_64:
redhat-idm-console-1.0.0-22.el4idm.x86_64.rpm
redhat-idm-console-debuginfo-1.0.0-22.el4idm.x86_64.rpm

Red Hat Directory Server 8.0 (for RHEL 5 Server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHDirServ/SRPMS/redhat-idm-console-1.0.0-17.el5idm.src.rpm

i386:
redhat-idm-console-1.0.0-17.el5idm.i386.rpm
redhat-idm-console-debuginfo-1.0.0-17.el5idm.i386.rpm

x86_64:
redhat-idm-console-1.0.0-17.el5idm.x86_64.rpm
redhat-idm-console-debuginfo-1.0.0-17.el5idm.x86_64.rpm

The vendor's advisory is available at:

http://rhn.redhat.com/errata/RHSA-2008-0191.html

Vendor URL:  rhn.redhat.com/errata/RHSA-2008-0191.html (Links to External Site)
Cause:   Access control error, Configuration error
Underlying OS:  Linux (Red Hat Enterprise)

Message History:   None.


Source Message Contents

Subject:  [RHSA-2008:0191-01] Important: redhat-idm-console security update

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: redhat-idm-console security update
Advisory ID:       RHSA-2008:0191-01
Product:           Red Hat Directory Server
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0191.html
Issue date:        2008-03-19
CVE Names:         CVE-2008-0889 
=====================================================================

1. Summary:

Updated redhat-idm-console packages that fix a security issue are now
available for Red Hat Directory Server 8.0.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Directory Server 8.0 (for AS v. 4) - i386, x86_64
Red Hat Directory Server 8.0 (for ES v. 4) - i386, x86_64
Red Hat Directory Server 8.0 (for RHEL 5 Server) - i386, x86_64

3. Description:

The redhat-idm-console contains a Java based remote management console used
for managing Red Hat Administration Server and Red Hat Directory Server.

When running on Red Hat Enterprise Linux, Red Hat Directory Server 8.0 used
insecure permissions on the redhat-idm-console startup script. Local users
could modify this script and run arbitrary code with the privileges of the
user running Red Hat Management Console (CVE-2008-0889).

Red Hat would like to thank Doncho N. Gunchev for reporting this issue.

All redhat-idm-console users are advised to update to these erratum
packages which contain a fix to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network.  Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

436107 - CVE-2008-0889 directory server: insecure permissions on fedora/redhat-idm-console

6. Package List:

Red Hat Directory Server 8.0 (for AS v. 4):

Source:
ftp://updates.redhat.com/enterprise/4AS/en/RHDirServ/SRPMS/redhat-idm-console-1.0.0-22.el4idm.src.rpm

i386:
redhat-idm-console-1.0.0-22.el4idm.i386.rpm
redhat-idm-console-debuginfo-1.0.0-22.el4idm.i386.rpm

x86_64:
redhat-idm-console-1.0.0-22.el4idm.x86_64.rpm
redhat-idm-console-debuginfo-1.0.0-22.el4idm.x86_64.rpm

Red Hat Directory Server 8.0 (for ES v. 4):

Source:
ftp://updates.redhat.com/enterprise/4ES/en/RHDirServ/SRPMS/redhat-idm-console-1.0.0-22.el4idm.src.rpm

i386:
redhat-idm-console-1.0.0-22.el4idm.i386.rpm
redhat-idm-console-debuginfo-1.0.0-22.el4idm.i386.rpm

x86_64:
redhat-idm-console-1.0.0-22.el4idm.x86_64.rpm
redhat-idm-console-debuginfo-1.0.0-22.el4idm.x86_64.rpm

Red Hat Directory Server 8.0 (for RHEL 5 Server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHDirServ/SRPMS/redhat-idm-console-1.0.0-17.el5idm.src.rpm

i386:
redhat-idm-console-1.0.0-17.el5idm.i386.rpm
redhat-idm-console-debuginfo-1.0.0-17.el5idm.i386.rpm

x86_64:
redhat-idm-console-1.0.0-17.el5idm.x86_64.rpm
redhat-idm-console-debuginfo-1.0.0-17.el5idm.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0889
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.


--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce