SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   CA SiteMinder Vendors:   CA
CA SiteMinder Input Validation Flaw in WebWorks Help Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1023683
SecurityTracker URL:  http://securitytracker.com/id/1023683
CVE Reference:   CVE-2009-3731   (Links to External Site)
Date:  Mar 4 2010
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6.0 SP4 and prior
Description:   A vulnerability was reported in CA SiteMinder. A remote user can conduct cross-site scripting attacks.

The WebWorks Help component does not properly filter HTML code from user-supplied input before displaying the input. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the CA SiteMinder software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Daniel Grzelak and Alex Kouzemtchenko of stratsec (www.stratsec.net) reported this vulnerability.

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the CA SiteMinder software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   The vendor has issued a fix, available in the latest service pack.
Vendor URL:  www.ca.com/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Red Hat Enterprise), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000), Windows (2003)

Message History:   None.


 Source Message Contents

Subject:  CA20100304-01: Security Notice for CA SiteMinder

CA20100304-01: Security Notice for CA SiteMinder


Issued: March 04, 2010


CA's support is alerting customers to a security risk with CA 
SiteMinder. Multiple cross site scripting (XSS) vulnerabilities 
exist that can allow a remote attacker to potentially gain 
sensitive information. CA has provided guidance to remediate the 
vulnerability.

The vulnerabilities, CVE-2009-3731, are due to insufficient 
validation of input strings. An attacker can potentially steal 
network domain credentials by enticing a user to visit a web page 
that contains malicious content.


Risk Rating

Low


Platforms

Windows
Solaris
HP-UX
Red Hat Linux


Affected Products

CA SiteMinder 6.0 (SP4 and earlier)


How to determine if the installation is affected

The vulnerability is caused by an issue with the publishing tool 
used to create the online help and HTML documentation for older CA 
SiteMinder releases (6.0 SP4 and earlier). This vulnerability 
affects CA SiteMinder in the following ways:

 * HTML versions of the product documentation for SiteMinder can 
be deployed on an individual system or through a web server. If 
product documentation has been deployed on a web server the 
SiteMinder 6.0 installation is vulnerable.

 * Online help systems for SiteMinder are deployed and accessible 
through a web server. This vulnerability applies to help systems.

In both cases, this vulnerability applies if web access to the 
associated web servers has been configured to make use of 
non-public (client-specific) information.


Solution

CA SiteMinder:

 * Upgrade Policy Servers to the latest service pack for SiteMinder 
6.0. Remove older versions of the product documentation from your 
servers.

 or

 * For Integrated Document sets, if you have deployed the HTML 
version of documentation to a web server, move the documentation 
to a file server and delete the documentation from the web server.

 * For Online Help systems, remove the help systems from the 
application folders and place them on a file system for future 
reference. Note that this will cause help links to fail in the 
associated applications.

 The folders that contain help systems are:

   o Administrative UI Help:
     <policy server home>\admin\help

   o Policy Server Management Console Help:
     <policy server home>\bin\smconsole-help

   o SiteMinder Test Tool Help:
     <policy server home>\bin\smtest-help


References

CVE-2009-3731 - WebWorks Help XSS


Acknowledgement

CVE-2009-3731 - Daniel Grzelak and Alex Kouzemtchenko of stratsec 
(www.stratsec.net)


Change History

Version 1.0: Initial Release


If additional information is required, please contact CA Support 
at https://support.ca.com.

If you discover a vulnerability in CA products, please report your 
findings to the CA Product Vulnerability Response Team.
support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782



Regards,
Ken Williams, Director ; 0xE2941985
CA Product Vulnerability Response Team


CA, 1 CA Plaza, Islandia, NY 11749
	
Contact http://www.ca.com/us/contact/
Legal Notice http://www.ca.com/us/legal/
Privacy Policy http://www.ca.com/us/privacy/
Copyright (c) 2010 CA. All rights reserved.

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC