[OT] IBM Cloudscape Command Injection Vulnerability

06/02/2004 - 13:29 by Javier Inglés [MS MVP]
TITLE:
IBM Cloudscape Command Injection Vulnerability

SECUNIA ADVISORY ID:
SA10807

VERIFY ADVISORY:
http://www.secunia.com/advisories/10807/

CRITICAL:
Moderately critical

IMPACT:
Exposure of sensitive information, DoS, System access

WHERE:
From local network

SOFTWARE:
IBM Cloudscape 5.x

DESCRIPTION:
Marc Schoenefeld has reported a vulnerability in IBM
Cloudscape, which can be exploited by malicious people to
disclose information, cause a DoS (Denial of Service) or
execute arbitrary executables present on an affected
system.

The vulnerability can reportedly be exploited via
specially crafted SQL statements and is caused due to a
combination of various errors in some classes in JDK 1.4.x
and insecure default security manager settings in
Cloudscape.

The vulnerability has been reported in version 5.1 for
Windows.

SOLUTION:
Create proper security manager settings for Cloudscape.

PROVIDED AND/OR DISCOVERED BY:
Marc Schoenefeld


About:
This Advisory was delivered by Secunia as a free service
to help everybody keep their systems up to date against
the latest vulnerabilities.

Subscribe:
http://www.secunia.com/secunia_secu...dvisories/

Definitions: (Criticality, Where etc.)
http://www.secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you
receive by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party
patches, only use those supplied by the vendor.


As we already saw yesterday, and unfortunately, these things
happen everywhere :-(

An anonymous greeting XDDDDDD

Regards!!
Javier Inglés
MS MVP
 


#1 Fernando Reyes [MS MVP]
06/02/2004 - 15:01
X''DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD

Regards
Fernando Reyes [MS MVP]
MCSE Windows 2000

(Cut off both ears if you want to write to me)


"Javier Inglés [MS MVP]" wrote
in message news:bc9001c3ecac$ded88e10$
An anonymous greeting XDDDDDD

Regards!!
Javier Inglés
MS MVP
