SecurityTracker.com
SecurityTracker Archives

Category:   Application (Web Server/CGI)  >   Oracle WebLogic Vendors:   BEA Systems
BEA WebLogic Authentication Provider May Assign Incorrect Privileges in Certain Cases
SecurityTracker Alert ID:  1009763
SecurityTracker URL:  http://securitytracker.com/id/1009763
CVE Reference:   GENERIC-MAP-NOMATCH
Updated:  Apr 26 2004
Original Entry Date:  Apr 13 2004
Impact:   Root access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 8.1 through Service Pack 2; 7.0 through Service Pack 4
Description:   A vulnerability was reported in BEA's WebLogic Server and WebLogic Express in the WebLogic Authentication provider. A group may be assigned elevated privileges in certain cases.

BEA reported that WebLogic Server and WebLogic Express sites that use the WebLogic Authentication provider as the default authentication provider in a security realm may be affected.

The vulnerability can reportedly be triggered if the following sequence of events occurs [quoted for accuracy]:

"1. The system administrator creates a group (for example, Group1).

2. The system administrator then creates a second group (for example, Group2).

3. The system administrator makes Group1 a member of Group2.

4. The system administrator deletes Group2 and then later creates it again."

The report indicates that Group2 will have Group1 (with administrative privileges) as a member and, therefore, will also have administrative privileges.

Impact:   A group may be unintentionally assigned administrative privileges.
Solution:   The vendor has provided a revised fix, as described in their BEA04-52.01 advisory. The new advisory replaces BEA04-52.00.

For WebLogic Server and WebLogic Express version 8.1, upgrade to 8.1 SP2 and rename the following patch to 'wlSecurityProviders.jar':

ftp://ftpna.beasys.com/pub/releases/security/wlSecurityProviders81v2.jar

Place the 'wlSecurityProviders81.jar' file in the directory structure of 8.1 SP2 and replace the wlSecurityProviders81.jar with the renamed .jar file. Then, apply the following patch:

ftp://ftpna.beasys.com/pub/releases/security/CR107373_81sp2.jar

WebLogic Server version 8.1 SP3 will include this patch.

For WebLogic Server and WebLogic Express version 7.0, upgrade to 7.0 SP5.

Vendor URL:  dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_52.01.jsp
Cause:   Access control error, State error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000)

Message History:   None.


 Source Message Contents

Subject:  http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_52.00.jsp


http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_52.00.jsp

 > Security Advisory:(BEA04-52.00)

 > From: BEA Systems Inc.

 > Minor Subject:Patches are available to prevent unintended system
 > administrator privileges

 > Product(s) Affected: WebLogic Server and WebLogic Express

A vulnerability was reported in BEA's WebLogic Server and WebLogic Express, affecting 
sites that use the WebLogic Authentication provider as the default authentication provider 
in a security realm.

The vulnerability can reportedly be triggered if the following sequence of events occurs 
[quoted for accuracy]:

"1. The system administrator creates a group (for example, Group1).

2. The system administrator then creates a second group (for example, Group2).

3. The system administrator makes Group1 a member of Group2.

4. The system administrator deletes Group2 and then later creates it again."

The report indicates that Group2 will have Group1 (with administrative privileges) as a 
member and, therefore, will also have administrative privileges.
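The four-step sequence above (given once in the Description and again in the source message) is a state error: membership records keyed by a group name outlive the group itself, so a group recreated under the same name silently inherits the old membership. The following Python model is an added example, not BEA's code; the store, its method names and the cascade-on-delete fix are assumptions made to illustrate the defect and the audit check a defender would want.

```python
"""Constructed model of the nested-group state error described in the advisory.

The buggy store keeps membership records keyed by group name after the group
is deleted; the fixed store drops the record and every reference to the group.
"""


class GroupStore:
    def __init__(self, cascade_on_delete):
        self.groups = set()        # names of groups that currently exist
        self.memberships = {}      # parent group name -> set of member names
        self.cascade_on_delete = cascade_on_delete

    def create_group(self, name):
        if name in self.groups:
            raise ValueError("group %r already exists" % name)
        self.groups.add(name)
        # The defect: an old record left behind for this name is reused as-is.
        self.memberships.setdefault(name, set())

    def add_member(self, group, member):
        if group not in self.groups:
            raise KeyError(group)
        self.memberships[group].add(member)

    def delete_group(self, name):
        self.groups.discard(name)
        if self.cascade_on_delete:
            # Fixed behaviour: remove the group's own record and all references to it.
            self.memberships.pop(name, None)
            for members in self.memberships.values():
                members.discard(name)

    def members_of(self, group):
        if group not in self.groups:
            return set()
        return set(self.memberships.get(group, set()))

    def stale_records(self):
        """Audit check: membership records whose parent group no longer exists."""
        return {g for g in self.memberships if g not in self.groups}


def replay_advisory_sequence(cascade_on_delete):
    """Steps 1-4 from the advisory; returns the members of the recreated Group2."""
    store = GroupStore(cascade_on_delete)
    store.create_group("Group1")          # step 1
    store.create_group("Group2")          # step 2
    store.add_member("Group2", "Group1")  # step 3: Group1 becomes a member of Group2
    store.delete_group("Group2")          # step 4: delete Group2 ...
    store.create_group("Group2")          # ... and later create it again
    return store.members_of("Group2")
```

With the buggy store the recreated Group2 still lists Group1 as a member; with cascade-on-delete it is empty, and `stale_records()` flags the orphaned record in the window between delete and recreate.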


The following versions are reportedly affected:

8.1 through Service Pack 2, on all platforms
7.0 through Service Pack 4, on all platforms


For WebLogic Server and WebLogic Express version 8.1, the vendor recommends that you 
upgrade to Service Pack 2, rename the patch at 
ftp://ftpna.beasys.com/pub/releases/security/wlSecurityProviders81.jar to 
'wlSecurityProviders.jar', and replace the 'wlSecurityProviders81.jar' in the directory 
structure of 8.1 Service Pack 2 with the renamed file.

The vendor reports that Service Pack 3 will include this fix.

For WebLogic Server and WebLogic Express version 7.0, the vendor recommends that you 
upgrade to Service Pack 5.


 > Threat level: Very Low - The vulnerability requires a specific usage pattern be
 > followed by a system administrator when using the WebLogic Authentication provider.
 > Severity: Medium - A group can unintentionally be given administrative privileges.


Copyright 2021, SecurityGlobal.net LLC