ESB-2012.0482 - ALERT [Win][UNIX/Linux] HP Business Service Management: Execute arbitrary code/commands - Remote/unauthenticated
Date: 18 May 2012
Original URL: http://www.auscert.org.au/render.html?cid=1980&it=15852
References: ESB-2012.0572.2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2012.0482
A remote code execution vulnerability exists in HP Business
Service Management 9.12
18 May 2012
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: HP Business Service Management
Publisher: Hewlett-Packard
Operating System: Windows
                  UNIX variants (UNIX, Linux, OSX)
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution: Mitigation
CVE Names: CVE-2012-2561
Original Bulletin:
http://www.kb.cert.org/vuls/id/859230
Comment: Note: No patch currently exists for this vulnerability. It is advised
to restrict access via firewall from untrusted sources to TCP ports
4444, 1098, and 1099.
- --------------------------BEGIN INCLUDED TEXT--------------------
Vulnerability Note VU#859230
HP Business Service Management 9.12 remote code execution vulnerability
Original Release date: 16 May 2012 | Last revised: 16 May 2012
Overview
The HP Business Service Management (HPBSM) application contains a
remote code execution vulnerability. Version 9.12 has been reported to
be affected but other versions may also be affected.
Description
HPBSM uses the JBoss application server. In the default configuration,
HPBSM exposes open ports that may be accessed by an unauthenticated
attacker. The attacker can upload a JSP shell as a .war file and have
the JBoss application server deploy it as a service. In the default
configuration, this attacker shell will run with SYSTEM privileges.
Impact
An unauthenticated attacker may be able to deploy a backdoor shell with
SYSTEM privileges.
Solution
We are currently unaware of a practical solution to this problem.
Please consider the following workarounds.
Restrict Access
Implement appropriate firewall rules to block traffic from untrusted
sources to TCP ports 4444, 1098, and 1099.
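As an added example (not part of the CERT note or the AusCERT bulletin), the following POSIX shell helper prints iptables rules that implement the "Restrict Access" workaround above: TCP 4444, 1098 and 1099 are accepted only from loopback and from the trusted source CIDRs passed as arguments, and everything else to those ports is logged and dropped. The chain name, the log prefix and the CIDRs used in the test are assumptions; the rules are printed rather than applied so they can be reviewed first.

```shell
# Ports named in VU#859230 / ESB-2012.0482 (JBoss listeners exposed by HPBSM).
HPBSM_PORTS="4444 1098 1099"

# Print (do not apply) iptables rules that restrict the HPBSM JBoss ports.
# Usage: hpbsm_firewall_rules <trusted-cidr> [<trusted-cidr> ...]
# Chain name "HPBSM-JBOSS" and the log prefix are hypothetical choices.
hpbsm_firewall_rules() {
    chain="HPBSM-JBOSS"
    echo "iptables -N $chain"
    # Divert all new inbound traffic for the three ports into the chain.
    for port in $HPBSM_PORTS; do
        echo "iptables -A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j $chain"
    done
    # Keep local JBoss components working: loopback stays allowed.
    echo "iptables -A $chain -i lo -j ACCEPT"
    # Allow each trusted source network (management hosts, other HPBSM nodes).
    for src in "$@"; do
        echo "iptables -A $chain -s $src -j ACCEPT"
    done
    # Log blocked attempts so exposure from untrusted sources is visible, then drop.
    echo "iptables -A $chain -j LOG --log-prefix \"HPBSM-JBOSS-DROP: \""
    echo "iptables -A $chain -j DROP"
}

# Example invocation with constructed trusted networks; review, then pipe to sh.
hpbsm_firewall_rules 10.0.0.0/8 192.168.1.0/24
```

Pipe the output to `sh` only after checking that the allowlist covers every host that legitimately talks to these ports, including other HPBSM servers.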
Vendor Information
Vendor                    Status     Date Notified   Date Updated
Hewlett-Packard Company   Affected   02 Apr 2012     16 May 2012
CVSS Metrics
Group           Score   Vector
Base            10.0    AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal        9.0     E:H/RL:U/RC:UC
Environmental   9.0     CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND
References
* http://www8.hp.com/us/en/software/software-solution.html?compURI=tcm:245-937035
Credit
Thanks to David Elze of Daimler TSS for reporting this vulnerability.
This document was written by Jared Allar.
Other Information
* CVE IDs: CVE-2012-2561
* Date Public: 16 May 2012
* Date First Published: 16 May 2012
* Date Last Updated: 16 May 2012
* Document Revision: 17
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----