lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1AFEC156A34D9F4483088A966B57EF5515713CBE74@pa-expf01.vmware.com>
Date: Mon, 17 May 2010 09:14:15 -0700
From: s2-security <s2-security@...are.com>
To: "bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>,
	"full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: CVE-2010-1454: SpringSource tc Server unauthenticated remote access
 to JMX interface

CVE-2010-1454: SpringSource tc Server unauthenticated remote access to JMX interface

Severity: Critical

Vendor:
SpringSource, a division of VMware

Versions Affected:
tc Server Runtime 6.0.19.A, 6.0.20.A, 6.0.20.B, 6.0.20.C, 6.0.25.A

Description:
A problem has been identified in the com.springsource.tcserver.serviceability.rmi.JmxSocketListener. If the listener is configured to use an encrypted password ( i.e. the password is prefaced with s2enc:// ) then entering either the correct password or an empty string will allow authenticated access to the JMX interface. The JMX interface is not remotely accessible by default but may be configured for remote access by setting the address attribute.

Mitigation:
All users are recommended to immediately switch to non-encrypted passwords for the JMX interface or to disable the JMX interface.
Users wishing to continue to use the JMX interface with encrypted passwords should upgrade the tc Server Runtime to 6.0.20.D or 6.0.25.A-SR01 (included in tc Server 2.0.0.SR01) available from the SpringSource support portal (for customers with support contracts) or the SpringSource download centre.

Credit:
This vulnerability was discovered by Erhan Baz at Yapi Kredi.

References:
[1] http://www.springsource.com/security/tc-server

Mark Thomas
SpringSource Security Team

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ