Bug 766469 (CVE-2011-4605)
| Summary: | CVE-2011-4605 JNDI: unauthenticated remote write access is permitted by default | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | David Jorm <djorm> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | atangrin, bgeorges, brms-jira, dandread, darran.lofthouse, dereed, hfnukal, jawilson, jcoleman, jlivings, mjc, ncross, nwallace, rcvalle, security-response-team, tkirby |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-09-19 21:01:57 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 769150, 826961 | ||
| Bug Blocks: | 766471 | ||
|
Description
David Jorm
2011-12-12 06:15:25 UTC
Acknowledgements: Red Hat would like to thank Christian Schlüter (VIADA) for reporting this issue. It was found that the JBoss HA-JNDI service also allows unauthenticated remote write access by default. A remote attacker that is able to access port 1100 on a JBoss server that has HA-JNDI enabled could exploit this flaw to add, delete and modify items in the JNDI tree. This could lead to a wide range of attacks, affecting the integrity, availability and confidentiality of the system. It was found that the HAJNDIFactory invoker servlet also allows unauthenticated remote write access by default. The HAJNDIFactory invoker servlet is only exposed by default in the "all" and "production" profiles on EAP 5.1.2. This issue has been addressed in following products: JBEWP 5 for RHEL 4 JBEWP 5 for RHEL 5 JBEWP 5 for RHEL 6 Via RHSA-2012:1027 https://rhn.redhat.com/errata/RHSA-2012-1027.html This issue has been addressed in following products: JBEAP 5 for RHEL 4 JBEAP 5 for RHEL 5 JBEAP 5 for RHEL 6 Via RHSA-2012:1026 https://rhn.redhat.com/errata/RHSA-2012-1026.html This issue has been addressed in following products: JBEAP 4.3.0 for RHEL 4 JBEAP 4.3.0 for RHEL 5 Via RHSA-2012:1025 https://rhn.redhat.com/errata/RHSA-2012-1025.html This issue has been addressed in following products: JBoss Enterprise Application Platform 4.3.0 CP10 Via RHSA-2012:1024 https://rhn.redhat.com/errata/RHSA-2012-1024.html This issue has been addressed in following products: JBoss Enterprise Web Platform 5.1.2 Via RHSA-2012:1023 https://rhn.redhat.com/errata/RHSA-2012-1023.html This issue has been addressed in following products: JBoss Enterprise Application Platform 5.1.2 Via RHSA-2012:1022 https://rhn.redhat.com/errata/RHSA-2012-1022.html This issue has been addressed in following products: JBoss Enterprise BRMS Platform 5.3.0 Via RHSA-2012:1028 https://rhn.redhat.com/errata/RHSA-2012-1028.html This issue has been addressed in following products: JBoss Enterprise Portal Platform 4.3 CP07 Via RHSA-2012:1109 https://rhn.redhat.com/errata/RHSA-2012-1109.html This issue has been addressed in following products: JBoss Enterprise SOA Platform 5.3.0 Via RHSA-2012:1125 https://rhn.redhat.com/errata/RHSA-2012-1125.html This issue has been addressed in following products: JBoss Enterprise Portal Platform 5.2.2 Via RHSA-2012:1232 https://rhn.redhat.com/errata/RHSA-2012-1232.html This issue has been addressed in following products: JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 Via RHSA-2012:1295 https://rhn.redhat.com/errata/RHSA-2012-1295.html |