Sun Java Web Console LibWebconsole_Services.SO Format String Vulnerability
BID:23539
Info
Sun Java Web Console LibWebconsole_Services.SO Format String Vulnerability
| Bugtraq ID: | 23539 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-1681 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 17 2007 12:00AM |
| Updated: | Nov 15 2007 12:39AM |
| Credit: | Frank Dick disclosed this issue. |
| Vulnerable: |
Sun Solaris 10.0_x86 Sun Solaris 10.0 Sun Java Web Console x86 2.2.5 Sun Java Web Console x86 2.2.4 Sun Java Web Console x86 2.2.3 Sun Java Web Console x86 2.2.2 Sun Java Web Console 2.2.5 Sun Java Web Console 2.2.4 Sun Java Web Console 2.2.3 Sun Java Web Console 2.2.2 Avaya Interactive Response 2.0 Avaya CMS Server 13.0 Avaya CMS Server 12.0 Avaya CMS Server 11.0 Avaya CMS Server 10.0 Avaya CMS Server 9.0 Avaya CMS Server 8.0 Avaya CMS Server 14.0 Avaya CMS Server 13.1 |
| Not Vulnerable: | |
Discussion
Sun Java Web Console LibWebconsole_Services.SO Format String Vulnerability
Sun Java Web Console is prone to a format-string vulnerability because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.
A successful attack may crash the application or possibly lead to arbitrary code execution, which may help the attacker gain unauthorized access to privileged data or escalate their privileges in the context of the user running the application.
Sun Java Web Console is prone to a format-string vulnerability because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.
A successful attack may crash the application or possibly lead to arbitrary code execution, which may help the attacker gain unauthorized access to privileged data or escalate their privileges in the context of the user running the application.
Exploit / POC
Sun Java Web Console LibWebconsole_Services.SO Format String Vulnerability
UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Solution / Fix
Sun Java Web Console LibWebconsole_Services.SO Format String Vulnerability
Solution:
The vendor has released fixes to address this issue; please see the references for details.
Sun Java Web Console 2.2.2
Sun Java Web Console x86 2.2.2
Sun Java Web Console 2.2.3
Sun Java Web Console x86 2.2.3
Sun Java Web Console x86 2.2.4
Sun Java Web Console 2.2.4
Sun Java Web Console x86 2.2.5
Sun Java Web Console 2.2.5
Solution:
The vendor has released fixes to address this issue; please see the references for details.
Sun Java Web Console 2.2.2
-
Sun Product Downloads Sun Java Web Console 2.2.6
http://www.sun.com/download/products.xml?id=461d58be
Sun Java Web Console x86 2.2.2
-
Sun Product Downloads Sun Java Web Console 2.2.6
http://www.sun.com/download/products.xml?id=461d58be
Sun Java Web Console 2.2.3
-
Sun Product Downloads Sun Java Web Console 2.2.6
http://www.sun.com/download/products.xml?id=461d58be
Sun Java Web Console x86 2.2.3
-
Sun Product Downloads Sun Java Web Console 2.2.6
http://www.sun.com/download/products.xml?id=461d58be
Sun Java Web Console x86 2.2.4
-
Sun Product Downloads Sun Java Web Console 2.2.6
http://www.sun.com/download/products.xml?id=461d58be
Sun Java Web Console 2.2.4
-
Sun Product Downloads Sun Java Web Console 2.2.6
http://www.sun.com/download/products.xml?id=461d58be
Sun Java Web Console x86 2.2.5
-
Sun Product Downloads Sun Java Web Console 2.2.6
http://www.sun.com/download/products.xml?id=461d58be
Sun Java Web Console 2.2.5
-
Sun Product Downloads Sun Java Web Console 2.2.6
http://www.sun.com/download/products.xml?id=461d58be
References
Sun Java Web Console LibWebconsole_Services.SO Format String Vulnerability
References:
References:
- Sun Alert ID: 102854 (Sun)
- Sun Solaris Homepage (Sun Microsystems)
- ASA-2007-169 - Security Vulnerability in the Sun Java Web Console May Allow Acce (Avaya)