Bug 766469 – CVE-2011-4605 JNDI: unauthenticated remote write access is permitted by default

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 766469 - (CVE-2011-4605) CVE-2011-4605 JNDI: unauthenticated remote write access is permitted by default

Summary:	CVE-2011-4605 JNDI: unauthenticated remote write access is permitted by default

Status:	CLOSED ERRATA

Aliases:	CVE-2011-4605

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	high Severity high
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=important,public=20120620,repo...
Keywords:	Security

Depends On:	769150 826961
Blocks:	766471
	Show dependency tree / graph

Reported:	2011-12-12 01:15 EST by David Jorm
Modified:	2016-11-08 10:56 EST (History)
CC List:	16 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2012-09-19 17:01:57 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2012:1022	normal	SHIPPED_LIVE	Important: jbossas security update	2012-06-20 16:02:59 EDT
Red Hat Product Errata	RHSA-2012:1023	normal	SHIPPED_LIVE	Important: jbossas security update	2012-06-20 16:02:55 EDT
Red Hat Product Errata	RHSA-2012:1024	normal	SHIPPED_LIVE	Important: jbossas security update	2012-06-20 16:02:50 EDT
Red Hat Product Errata	RHSA-2012:1025	normal	SHIPPED_LIVE	Important: jbossas security update	2012-06-20 16:02:41 EDT
Red Hat Product Errata	RHSA-2012:1026	normal	SHIPPED_LIVE	Important: jbossas and jboss-naming security update	2012-06-20 16:02:33 EDT
Red Hat Product Errata	RHSA-2012:1027	normal	SHIPPED_LIVE	Important: jbossas-web and jboss-naming security update	2012-06-20 16:02:18 EDT
Red Hat Product Errata	RHSA-2012:1028	normal	SHIPPED_LIVE	Important: JBoss Enterprise BRMS Platform 5.3.0 update	2012-06-22 01:19:30 EDT
Red Hat Product Errata	RHSA-2012:1109	normal	SHIPPED_LIVE	Important: jbossas security update	2012-07-23 17:53:55 EDT
Red Hat Product Errata	RHSA-2012:1125	normal	SHIPPED_LIVE	Important: JBoss Enterprise SOA Platform 5.3.0 update	2012-07-31 14:32:35 EDT
Red Hat Product Errata	RHSA-2012:1232	normal	SHIPPED_LIVE	Important: JBoss Enterprise Portal Platform 5.2.2 update	2012-09-05 16:25:36 EDT
Red Hat Product Errata	RHSA-2012:1295	normal	SHIPPED_LIVE	Important: JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 update	2012-09-19 17:51:11 EDT

Groups: None (edit)

Description David Jorm 2011-12-12 01:15:25 EST

It was found that the JBoss JNDI service allows unauthenticated remote write access by default. The JNDI service, HA-JNDI service and HAJNDIFactory invoker servlet are all affected. A remote attacker that is able to access port 1099 (JNDI), port 1100 (HA-JNDI) or the HAJNDIFactory invoker servlet on a JBoss server could exploit this flaw to add, delete and modify items in the JNDI tree. This could lead to a wide range of attacks, affecting the integrity, availability and confidentiality of the system.

Comment 3 David Jorm 2011-12-14 20:28:43 EST

Acknowledgements:

Red Hat would like to thank Christian Schlüter (VIADA) for reporting this issue.

Comment 7 David Jorm 2012-02-21 00:42:40 EST

It was found that the JBoss HA-JNDI service also allows unauthenticated remote write access by default. A remote attacker that is able to access port 1100 on a JBoss server that has HA-JNDI enabled could exploit this flaw to add, delete and modify items in the JNDI tree. This could lead to a wide range of attacks, affecting the integrity, availability and confidentiality of the system.

Comment 8 David Jorm 2012-02-21 00:49:54 EST

It was found that the HAJNDIFactory invoker servlet also allows unauthenticated remote write access by default.

Comment 9 David Jorm 2012-02-21 01:05:00 EST

The HAJNDIFactory invoker servlet is only exposed by default in the "all" and "production" profiles on EAP 5.1.2.

Comment 12 errata-xmlrpc 2012-06-20 12:05:43 EDT

This issue has been addressed in following products:

  JBEWP 5 for RHEL 4
  JBEWP 5 for RHEL 5
  JBEWP 5 for RHEL 6

Via RHSA-2012:1027 https://rhn.redhat.com/errata/RHSA-2012-1027.html

Comment 13 errata-xmlrpc 2012-06-20 12:05:50 EDT

This issue has been addressed in following products:

  JBEAP 5 for RHEL 4
  JBEAP 5 for RHEL 5
  JBEAP 5 for RHEL 6

Via RHSA-2012:1026 https://rhn.redhat.com/errata/RHSA-2012-1026.html

Comment 14 errata-xmlrpc 2012-06-20 12:06:27 EDT

This issue has been addressed in following products:

  JBEAP 4.3.0 for RHEL 4
  JBEAP 4.3.0 for RHEL 5

Via RHSA-2012:1025 https://rhn.redhat.com/errata/RHSA-2012-1025.html

Comment 15 errata-xmlrpc 2012-06-20 12:07:01 EDT

This issue has been addressed in following products:

  JBoss Enterprise Application Platform 4.3.0 CP10

Via RHSA-2012:1024 https://rhn.redhat.com/errata/RHSA-2012-1024.html

Comment 16 errata-xmlrpc 2012-06-20 12:07:34 EDT

This issue has been addressed in following products:

  JBoss Enterprise Web Platform 5.1.2

Via RHSA-2012:1023 https://rhn.redhat.com/errata/RHSA-2012-1023.html

Comment 17 errata-xmlrpc 2012-06-20 12:08:07 EDT

This issue has been addressed in following products:

  JBoss Enterprise Application Platform 5.1.2

Via RHSA-2012:1022 https://rhn.redhat.com/errata/RHSA-2012-1022.html

Comment 18 errata-xmlrpc 2012-06-21 21:21:34 EDT

This issue has been addressed in following products:

  JBoss Enterprise BRMS Platform 5.3.0

Via RHSA-2012:1028 https://rhn.redhat.com/errata/RHSA-2012-1028.html

Comment 19 errata-xmlrpc 2012-07-23 13:59:56 EDT

This issue has been addressed in following products:

  JBoss Enterprise Portal Platform 4.3 CP07

Via RHSA-2012:1109 https://rhn.redhat.com/errata/RHSA-2012-1109.html

Comment 20 errata-xmlrpc 2012-07-31 10:33:33 EDT

This issue has been addressed in following products:

  JBoss Enterprise SOA Platform 5.3.0

Via RHSA-2012:1125 https://rhn.redhat.com/errata/RHSA-2012-1125.html

Comment 21 errata-xmlrpc 2012-09-05 12:27:04 EDT

This issue has been addressed in following products:

  JBoss Enterprise Portal Platform 5.2.2

Via RHSA-2012:1232 https://rhn.redhat.com/errata/RHSA-2012-1232.html

Comment 22 errata-xmlrpc 2012-09-19 13:52:39 EDT

This issue has been addressed in following products:

  JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05

Via RHSA-2012:1295 https://rhn.redhat.com/errata/RHSA-2012-1295.html

Note You need to log in before you can comment on or make changes to this bug.