Bug 766469 (CVE-2011-4605) - CVE-2011-4605 JNDI: unauthenticated remote write access is permitted by default
Summary: CVE-2011-4605 JNDI: unauthenticated remote write access is permitted by default
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-4605
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 769150 826961
Blocks: 766471
TreeView+ depends on / blocked
 
Reported: 2011-12-12 06:15 UTC by David Jorm
Modified: 2019-09-29 12:48 UTC (History)
16 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-09-19 21:01:57 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:1022 normal SHIPPED_LIVE Important: jbossas security update 2012-06-20 20:02:59 UTC
Red Hat Product Errata RHSA-2012:1023 normal SHIPPED_LIVE Important: jbossas security update 2012-06-20 20:02:55 UTC
Red Hat Product Errata RHSA-2012:1024 normal SHIPPED_LIVE Important: jbossas security update 2012-06-20 20:02:50 UTC
Red Hat Product Errata RHSA-2012:1025 normal SHIPPED_LIVE Important: jbossas security update 2012-06-20 20:02:41 UTC
Red Hat Product Errata RHSA-2012:1026 normal SHIPPED_LIVE Important: jbossas and jboss-naming security update 2012-06-20 20:02:33 UTC
Red Hat Product Errata RHSA-2012:1027 normal SHIPPED_LIVE Important: jbossas-web and jboss-naming security update 2012-06-20 20:02:18 UTC
Red Hat Product Errata RHSA-2012:1028 normal SHIPPED_LIVE Important: JBoss Enterprise BRMS Platform 5.3.0 update 2012-06-22 05:19:30 UTC
Red Hat Product Errata RHSA-2012:1109 normal SHIPPED_LIVE Important: jbossas security update 2012-07-23 21:53:55 UTC
Red Hat Product Errata RHSA-2012:1125 normal SHIPPED_LIVE Important: JBoss Enterprise SOA Platform 5.3.0 update 2012-07-31 18:32:35 UTC
Red Hat Product Errata RHSA-2012:1232 normal SHIPPED_LIVE Important: JBoss Enterprise Portal Platform 5.2.2 update 2012-09-05 20:25:36 UTC
Red Hat Product Errata RHSA-2012:1295 normal SHIPPED_LIVE Important: JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 update 2012-09-19 21:51:11 UTC

Description David Jorm 2011-12-12 06:15:25 UTC
It was found that the JBoss JNDI service allows unauthenticated remote write access by default. The JNDI service, HA-JNDI service and HAJNDIFactory invoker servlet are all affected. A remote attacker that is able to access port 1099 (JNDI), port 1100 (HA-JNDI) or the HAJNDIFactory invoker servlet on a JBoss server could exploit this flaw to add, delete and modify items in the JNDI tree. This could lead to a wide range of attacks, affecting the integrity, availability and confidentiality of the system.

Comment 3 David Jorm 2011-12-15 01:28:43 UTC
Acknowledgements:

Red Hat would like to thank Christian Schlüter (VIADA) for reporting this issue.

Comment 7 David Jorm 2012-02-21 05:42:40 UTC
It was found that the JBoss HA-JNDI service also allows unauthenticated remote write access by default. A remote attacker that is able to access port 1100 on a JBoss server that has HA-JNDI enabled could exploit this flaw to add, delete and modify items in the JNDI tree. This could lead to a wide range of attacks, affecting the integrity, availability and confidentiality of the system.

Comment 8 David Jorm 2012-02-21 05:49:54 UTC
It was found that the HAJNDIFactory invoker servlet also allows unauthenticated remote write access by default.

Comment 9 David Jorm 2012-02-21 06:05:00 UTC
The HAJNDIFactory invoker servlet is only exposed by default in the "all" and "production" profiles on EAP 5.1.2.

Comment 12 errata-xmlrpc 2012-06-20 16:05:43 UTC
This issue has been addressed in following products:

  JBEWP 5 for RHEL 4
  JBEWP 5 for RHEL 5
  JBEWP 5 for RHEL 6

Via RHSA-2012:1027 https://rhn.redhat.com/errata/RHSA-2012-1027.html

Comment 13 errata-xmlrpc 2012-06-20 16:05:50 UTC
This issue has been addressed in following products:

  JBEAP 5 for RHEL 4
  JBEAP 5 for RHEL 5
  JBEAP 5 for RHEL 6

Via RHSA-2012:1026 https://rhn.redhat.com/errata/RHSA-2012-1026.html

Comment 14 errata-xmlrpc 2012-06-20 16:06:27 UTC
This issue has been addressed in following products:

  JBEAP 4.3.0 for RHEL 4
  JBEAP 4.3.0 for RHEL 5

Via RHSA-2012:1025 https://rhn.redhat.com/errata/RHSA-2012-1025.html

Comment 15 errata-xmlrpc 2012-06-20 16:07:01 UTC
This issue has been addressed in following products:

  JBoss Enterprise Application Platform 4.3.0 CP10

Via RHSA-2012:1024 https://rhn.redhat.com/errata/RHSA-2012-1024.html

Comment 16 errata-xmlrpc 2012-06-20 16:07:34 UTC
This issue has been addressed in following products:

  JBoss Enterprise Web Platform 5.1.2

Via RHSA-2012:1023 https://rhn.redhat.com/errata/RHSA-2012-1023.html

Comment 17 errata-xmlrpc 2012-06-20 16:08:07 UTC
This issue has been addressed in following products:

  JBoss Enterprise Application Platform 5.1.2

Via RHSA-2012:1022 https://rhn.redhat.com/errata/RHSA-2012-1022.html

Comment 18 errata-xmlrpc 2012-06-22 01:21:34 UTC
This issue has been addressed in following products:

  JBoss Enterprise BRMS Platform 5.3.0

Via RHSA-2012:1028 https://rhn.redhat.com/errata/RHSA-2012-1028.html

Comment 19 errata-xmlrpc 2012-07-23 17:59:56 UTC
This issue has been addressed in following products:

  JBoss Enterprise Portal Platform 4.3 CP07

Via RHSA-2012:1109 https://rhn.redhat.com/errata/RHSA-2012-1109.html

Comment 20 errata-xmlrpc 2012-07-31 14:33:33 UTC
This issue has been addressed in following products:

  JBoss Enterprise SOA Platform 5.3.0

Via RHSA-2012:1125 https://rhn.redhat.com/errata/RHSA-2012-1125.html

Comment 21 errata-xmlrpc 2012-09-05 16:27:04 UTC
This issue has been addressed in following products:

  JBoss Enterprise Portal Platform 5.2.2

Via RHSA-2012:1232 https://rhn.redhat.com/errata/RHSA-2012-1232.html

Comment 22 errata-xmlrpc 2012-09-19 17:52:39 UTC
This issue has been addressed in following products:

  JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05

Via RHSA-2012:1295 https://rhn.redhat.com/errata/RHSA-2012-1295.html


Note You need to log in before you can comment on or make changes to this bug.