IBM WebSphere Application Server 'iscdeploy' Script Insecure File Permissions Vulnerability
BID:51420
Info
IBM WebSphere Application Server 'iscdeploy' Script Insecure File Permissions Vulnerability
| Bugtraq ID: | 51420 |
| Class: | Design Error |
| CVE: |
CVE-2011-1376 |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 16 2012 12:00AM |
| Updated: | Mar 27 2012 06:40AM |
| Credit: | Reported by the vendor |
| Vulnerable: |
IBM Websphere Application Server for IBM i 7.0 3 IBM Websphere Application Server for IBM i 7.0 .9 IBM Websphere Application Server for IBM i 7.0 .8 IBM Websphere Application Server for IBM i 7.0 .2 IBM Websphere Application Server for IBM i 7.0 .13 IBM Websphere Application Server for IBM i 7.0 .12 IBM Websphere Application Server for IBM i 7.0 .11 IBM Websphere Application Server for IBM i 6.1 41 IBM Websphere Application Server for IBM i 6.1 .4 IBM Websphere Application Server for IBM i 6.1 .33 IBM Websphere Application Server for IBM i 6.1 .32 IBM Websphere Application Server for IBM i 6.1 .3 IBM Websphere Application Server for IBM i 6.1 .25 IBM Websphere Application Server for IBM i 6.1 .23 IBM Websphere Application Server for IBM i 6.1 .22 IBM Websphere Application Server for IBM i 6.1 .21 IBM Websphere Application Server for IBM i 6.1 .20 IBM Websphere Application Server for IBM i 6.1 .2 IBM Websphere Application Server for IBM i 6.1 .19 IBM Websphere Application Server for IBM i 6.1 .18 IBM Websphere Application Server for IBM i 6.1 .17 IBM Websphere Application Server for IBM i 6.1 .15 IBM Websphere Application Server for IBM i 6.1 .14 IBM Websphere Application Server for IBM i 6.1 .13 IBM Websphere Application Server for IBM i 6.1 .12 IBM Websphere Application Server for IBM i 6.1 .11 IBM Websphere Application Server for IBM i 6.1 .10 IBM Websphere Application Server for IBM i 6.1 .1 IBM Websphere Application Server for IBM i 6.1 IBM Websphere Application Server for IBM i 8.0.0.1 IBM Websphere Application Server for IBM i 8.0.0.0 IBM Websphere Application Server for IBM i 7.0.0.7 IBM Websphere Application Server for IBM i 7.0.0.6 IBM Websphere Application Server for IBM i 7.0.0.5 IBM Websphere Application Server for IBM i 7.0.0.4 IBM Websphere Application Server for IBM i 7.0.0.19 IBM Websphere Application Server for IBM i 7.0.0.17 IBM Websphere Application Server for IBM i 7.0.0.15 IBM Websphere Application Server for IBM i 7.0.0.14 IBM Websphere Application Server for IBM i 7.0.0.1 IBM Websphere Application Server for IBM i 7.0 IBM Websphere Application Server for IBM i 6.1.0.39 IBM Websphere Application Server for IBM i 6.1.0.35 IBM Websphere Application Server for IBM i 6.1.0.34 IBM Websphere Application Server for IBM i 6.1.0.31 IBM Websphere Application Server for IBM i 6.1.0.29 IBM Websphere Application Server for IBM i 6.1.0.27 |
| Not Vulnerable: | |
Discussion
IBM WebSphere Application Server 'iscdeploy' Script Insecure File Permissions Vulnerability
IBM WebSphere Application Server is prone to an insecure file-permission vulnerability.
A local attacker can exploit this issue to obtain potentially sensitive information or modify files in certain directories. Information obtained may aid in further attacks.
The following versions are vulnerable:
IBM WebSphere Application Server versions 6.1 through 6.1.0.41
IBM WebSphere Application Server versions 7.0 through 7.0.0.19
IBM WebSphere Application Server versions 8.0 through 8.0.0.1
NOTE: This issue only affects IBM WebSphere Application Server running on IBM i. Other operating system versions are not affected.
IBM WebSphere Application Server is prone to an insecure file-permission vulnerability.
A local attacker can exploit this issue to obtain potentially sensitive information or modify files in certain directories. Information obtained may aid in further attacks.
The following versions are vulnerable:
IBM WebSphere Application Server versions 6.1 through 6.1.0.41
IBM WebSphere Application Server versions 7.0 through 7.0.0.19
IBM WebSphere Application Server versions 8.0 through 8.0.0.1
NOTE: This issue only affects IBM WebSphere Application Server running on IBM i. Other operating system versions are not affected.
Exploit / POC
IBM WebSphere Application Server 'iscdeploy' Script Insecure File Permissions Vulnerability
Attackers can use readily available tools and standard commands to exploit this issue.
Attackers can use readily available tools and standard commands to exploit this issue.
Solution / Fix
IBM WebSphere Application Server 'iscdeploy' Script Insecure File Permissions Vulnerability
Solution:
Updates are available. Please see the references for details.
Solution:
Updates are available. Please see the references for details.
References
IBM WebSphere Application Server 'iscdeploy' Script Insecure File Permissions Vulnerability
References:
References:
- IBM Websphere Application Server iscdeploy script insecure permissions (IBM)
- IBM Websphere Homepage (IBM)
- PM49712; 8.0.0.1: Incorrect native file permissions for WSAS on IBM i (IBM)
- Possible security exposure for WebSphere Application Server on IBM i (PM49712) ( (IBM)
- Security Bulletin: Potential Security Vulnerabilities in IBM WebSphere Applicati (IBM)