TITLE:
IBM Cloudscape Command Injection Vulnerability
SECUNIA ADVISORY ID:
SA10807
VERIFY ADVISORY:
http://www.secunia.com/advisories/10807/
CRITICAL:
Moderately critical
IMPACT:
Exposure of sensitive information, DoS, System access
WHERE:
From local network
SOFTWARE:
IBM Cloudscape 5.x
DESCRIPTION:
Marc Schoenefeld has reported a vulnerability in IBM
Cloudscape, which can be exploited by malicious people to
disclose information, cause a DoS (Denial of Service) or
execute arbitrary executables present on an affected
system.
The vulnerability can reportedly be exploited via
specially crafted SQL statements and is caused due to a
combination of various errors in some classes in JDK 1.4.x
and insecure default security manager settings in
Cloudscape.
The vulnerability has been reported in version 5.1 for
Windows.
SOLUTION:
Create proper security manager settings for Cloudscape.
PROVIDED AND/OR DISCOVERED BY:
Marc Schoenefeld
About:
This Advisory was delivered by Secunia as a free service
to help everybody keeping their systems up to date against
the latest vulnerabilities.
Subscribe:
http://www.secunia.com/secunia_secu...dvisories/
Definitions: (Criticality, Where etc.)
http://www.secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you
receive by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party
patches, only use those supplied by the vendor.
Como ya vimos ayer, y por desgracia, en todos sitios
cuecen habas :-(
Un saludo anónimo XDDDDDD
Salu2!!
Javier Inglés
MS MVP
Últimos mensajes - Powered by IBM
Palabras claves
Hacer una pregunta
Siga el debate
Tengo una respuesta
Sábado 27 de abril - 20:43
Registrar
Leer las respuestas