Bug 735274 (CVE-2010-0737)

Summary: CVE-2010-0737 JBoss ON CLI privilege escalation
Product: [Other] Security Response
Reporter: David Jorm <djorm>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: mjc, security-response-team
Keywords: Security
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2011-09-02 05:53:08 UTC

Description David Jorm 2011-09-02 05:24:12 UTC
A missing permission check was found in the JBoss Operations Network CLI, a Java shell that allows you to connect to the JBoss ON server over the command line. An unprivileged JBoss ON user could use this flaw to perform JBoss ON management tasks and configuration changes with the privileges of the administrator user.

Comment 1 David Jorm 2011-09-02 05:50:42 UTC
Statement:

This issue was fixed by a patch to JBoss Operations Network 2.3.1, available for download from the Red Hat Customer Portal: https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=1983&product=em&version=2.3.1&downloadType=securityPatches