lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <649CDCB56C88AA458EFF2CBF494B620408A04A96@USILMS12.ca.com>
Date: Thu, 4 Mar 2010 12:43:06 -0500
From: "Williams, James K" <James.Williams@...com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: CA20100304-01: Security Notice for CA SiteMinder

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CA20100304-01: Security Notice for CA SiteMinder


Issued: March 04, 2010


CA's support is alerting customers to a security risk with CA 
SiteMinder. Multiple cross site scripting (XSS) vulnerabilities 
exist that can allow a remote attacker to potentially gain 
sensitive information. CA has provided guidance to remediate the 
vulnerability.

The vulnerabilities, CVE-2009-3731, are due to insufficient 
validation of input strings. An attacker can potentially steal 
network domain credentials by enticing a user to visit a web page 
that contains malicious content.


Risk Rating

Low


Platforms

Windows
Solaris
HP-UX
Red Hat Linux


Affected Products

CA SiteMinder 6.0 (SP4 and earlier)


How to determine if the installation is affected

The vulnerability is caused by an issue with the publishing tool 
used to create the online help and HTML documentation for older CA 
SiteMinder releases (6.0 SP4 and earlier). This vulnerability 
affects CA SiteMinder in the following ways:

 * HTML versions of the product documentation for SiteMinder can 
be deployed on an individual system or through a web server. If 
product documentation has been deployed on a web server the 
SiteMinder 6.0 installation is vulnerable.

 * Online help systems for SiteMinder are deployed and accessible 
through a web server. This vulnerability applies to help systems.

In both cases, this vulnerability applies if web access to the 
associated web servers has been configured to make use of 
non-public (client-specific) information.


Solution

CA SiteMinder:

 * Upgrade Policy Servers to the latest service pack for SiteMinder 
6.0. Remove older versions of the product documentation from your 
servers.

 or

 * For Integrated Document sets, if you have deployed the HTML 
version of documentation to a web server, move the documentation 
to a file server and delete the documentation from the web server.

 * For Online Help systems, remove the help systems from the 
application folders and place them on a file system for future 
reference. Note that this will cause help links to fail in the 
associated applications.

 The folders that contain help systems are:

   o Administrative UI Help:
     <policy server home>\admin\help

   o Policy Server Management Console Help:
     <policy server home>\bin\smconsole-help

   o SiteMinder Test Tool Help:
     <policy server home>\bin\smtest-help


References

CVE-2009-3731 - WebWorks Help XSS


Acknowledgement

CVE-2009-3731 - Daniel Grzelak and Alex Kouzemtchenko of stratsec 
(www.stratsec.net)


Change History

Version 1.0: Initial Release


If additional information is required, please contact CA Support 
at https://support.ca.com.

If you discover a vulnerability in CA products, please report your 
findings to the CA Product Vulnerability Response Team.
support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782



Regards,
Ken Williams, Director ; 0xE2941985
CA Product Vulnerability Response Team


CA, 1 CA Plaza, Islandia, NY 11749
	
Contact http://www.ca.com/us/contact/
Legal Notice http://www.ca.com/us/legal/
Privacy Policy http://www.ca.com/us/privacy/
Copyright (c) 2010 CA. All rights reserved.


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.12.0 (Build 1035)
Charset: utf-8

wj8DBQFLj/EheSWR3+KUGYURAjW/AKCZ1+Azy2f5hZbm7bgKWEly2gDqUwCcD4+w
0C9OCgxqNtYbUZJXRAGWb7E=
=KPvt
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ