SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   PowerChute Vendors:   American Power Conversion Corp.
APC PowerChute May Install a Vulnerable Version of JRE
SecurityTracker Alert ID:  1015643
SecurityTracker URL:  http://securitytracker.com/id/1015643
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 17 2006
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Business Edition 7.x; Network Shutdown 2.2.x and later
Description:   A vulnerability was reported in APC PowerChute Business Edition and PowerChute Network Shutdown. The software may install a vulnerable version of Sun JRE that allows a remote user to gain privileges on the target system.

A remote user can create a specially crafted Java application that, when loaded by the target user, will gain elevated privileges. The application may be able to read and write files or execute applications on the target user's system.

This can be exploited if the APC-installed JRE is associated with the system's web browser or is included in the standard Java execution path [not the default configuration].

The following versions are affected:

PowerChute Business Edition 7.x for Windows, Linux, and Solaris
PowerChute Network Shutdown 2.2.x and later

Impact:   A remote user may be able to read and write files or execute applications on the target user's system with the privileges of the target user.
Solution:   The vendor plans to include a patched version of JRE in the next regularly scheduled product update.

The vendor has provided the following workaround instructions [quoted]:

For PowerChute Business Edition 7.x customers:

Download and apply the JRE update patch available on APC s website at http://www.apc.com/tools/download to all machine running the PCBE agent or server.

For PowerChute Network Shutdown 2.2.x customers:

For APC installed JREs:
1. Ensure that APC installed JREs are not associated with the local system s web browser and not included in the standard Java execution path.

For PCNS, the JRE is copied to the following directory and its path is specified in the registry or start up script as follows:

Windows
Installed dir::C:\Program Files\jvm
Registry:data path in my computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PowerChuteNetShut\Parameters\Application
Windows x64:
Installed dir::C:\Program Files (x86)\jvm
Registry:data path in my computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PowerChuteNetShut\Parameters\Application
Linux:
Installed dir::/usr/local/bin/jvm
startup script:the Java path at 9th line of <PCNS installed dir>/powerchute.sh
Solaris:
Installed dir::/usr/bin/jvm
startup script:Java path right after nohup at 9th line of <PCNS installed dir>/powerchute.sh.


For system installed JREs:
1. Update all vulnerable system installed JREs to a patched version according to Sun s recommendations [1].
2. Uninstall PowerChute Network Shutdown
3. Reinstall PowerChute Network Shutdown

If it s necessary to remove APC installed JREs, follow the steps below:
For PowerChute Network Shutdown 2.2.x customers:
1. Uninstall PowerChute Network Shutdown
2. Install JREs to a patched version according to Sun s recommendations [1].
3. Reinstall PowerChute Network Shutdown


The APC security advisory is available at:

http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=7638

The original Sun advisory is available at:

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1

Vendor URL:  nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=7638 (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Solaris - SunOS), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC