Bug 818837 (CVE-2012-2312)

Summary: CVE-2012-2312 JBoss AS 7: Security Context Propagation - When re-using thread from thread pool, security context also gets re-used
Product: [Other] Security Response Reporter: Arun Babu Neelicattu <aneelica>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: djorm, dmcphers, grocha, security-response-team, sstark, tkramer
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-07-31 04:51:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 820451    
Bug Blocks: 818838    

Description Arun Babu Neelicattu 2012-05-04 07:01:25 UTC 
Security context propagation was not properly implemented. As a result, when a thread gets re-used from the thread pool, it still retains the security context from the process that last used it. The new security context is not properly propagated, and hence the previous security context will be in effect. A local attacker can use this flaw to escalate privileges in a malicious application deployed to the JBoss server.
Comment 1 David Jorm 2012-05-04 07:16:24 UTC 
This issue only affects JBoss AS 7.1.0, 7.1.1 and EAP 6 Beta.
Comment 2 David Jorm 2012-05-08 03:23:43 UTC 
Upstream bug: https://issues.jboss.org/browse/JBPAPP-8863
Comment 4 David Jorm 2012-06-14 07:29:39 UTC 
Statement:

This flaw does not affect any Red Hat JBoss products, it only affects the JBoss AS 7 community releases.