procheckup logo
sidebar_boxes_image

Contact Us

Find out more information about ProCheckUp click here.


sidebar_boxes_image

Services

Find out more about ProCheckUp services here.


sidebar_boxes_image

Events

  • PCI DSS User Group meeting

    Neira Jones will be speaking on Barclaycards current approach to PCI and offering advice and guidance to merchants.

Click here to see more events.

Vulnerabilities 2008


PR08-09 Unauthenticated File Retrieval on Sun Java System Identity Manager "ext" parameter


  • Advisory publicly released: Monday, 10 November 2008
  • Vulnerability found: Friday, 25 April 2008
  • Vendor informed: Monday, 28 April 2008
  • Severity level: High
  • Credits
    Richard Brain of ProCheckUp Ltd (www.procheckup.com).

    ProCheckUp thanks Sun for working with us.
  • Description
    Sun Java System Identity Manager is vulnerable to unauthenticated file retrieval a.k.a. directory traversal within the "ext" parameter processed by the "/idm/includes/helpServer.jsp" server-side script.
  • Proof of concept
    Due to the severity of this issue, ProCheckUp will keep the PoC private until all Sun Identity Manager customers are given enough time to update.
  • How to fix
    Apply the patches released by Sun. This vulnerability has been filed as Sun Bugzilla bug 18653.

    http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1
  • BID
    32262
  • Consequences
    Any files can be retrieved from the target server provided that the attacker knows its location on the filesystem. No authentication is required to exploit this vulnerability.
  • Successfully tested on
    Server environment:

    Sun Java System Identity Manager 6.0 (20061212 SP 2)
    Apache-Coyote/1.1
    Apache Tomcat/5.0.28



    Client environment:

    Microsoft Internet Explorer 7.0.5730.11

    Note: the version of Sun Java SIM can be obtained from the HTML source code of the user login page: "/idm/user/login.jsp". i.e.:

    [snip]

    <a onmouseover="return overlib('Open <b>Help</b><br>Version &nbsp;
    Sun Java System Identity Manager 6.0 (20061212 SP 2)',
    FGCOLOR, '#F5F5DC',
    BGCOLOR, '#000000',
    DELAY, '750')"
    [snip]



    Sun has confirmed the following products to be affected by this issue:

    Sun Java System Identity Manager 6.0, Sun Java System Identity Manager 7.0, Sun Java System Identity Manager 7.1
  • References


    http://www.procheckup.com/vulnerability_manager


    http://www.sun.com/software/products/identity_mgr/index.xml


  • Legal
    Copyright 2008 ProCheckUp Ltd.

    All rights reserved. Permission is granted for copying and circulating this Bulletin to the Internet community for the purpose of alerting them to problems, if and only if the Bulletin is not changed or edited in any way, is attributed to ProCheckUp indicating this web page URL, and provided such reproduction and/or distribution is performed for non-commercial purposes.

    Any other use of this information is prohibited.

    ProCheckUp is not liable for any misuse of this information by any third party. ProCheckUp is not responsible for the content of external Internet sites.