Information Assurance

John Kaszuba




Bugtraq Analysis

Sun Solaris and Java Web Console Format String Vulnerability


Problem: A remotely exploitable format string vulnerability has been identified in Sun Java Web Console 2.2.2 through 2.2.5. The root cause lies in the logging of failed logins, so the vulnerability is exploitable by unauthenticated remote users. Remote users can take advantage of unspecified vectors and execute arbitrary code. The problem lies in the libc syslog function.

What could prevent it: Bounds checking on input will fix the buffer overflow vulnerability, and not logging invalid user login attempts can prevent the denial of service caused by flooding the logs and crashing the console.

Work around: Update to Sun Java Web Console 2.2.6 or later. Sun Microsystems released patches for Solaris 10 to address this issue, and a workaround designed by Sun Microsystems is available.

Prevent happening in the future: Do not log failed user attempts, and check bounds when writing libraries that take input.

Related Site URLs:
CVE - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1681
SUN - http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1
SECUNIA - http://secunia.com/advisories/24927/
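
The general shape of this bug class (a failed-login username reaching syslog as the format string) is shown below as an added example; it is not code from Sun or from this page. The vulnerable call appears only in a comment, next to a hardened form that keeps the format constant and goes a step further by bounding the username and replacing non-printable bytes. The names `log_failed_login` and `MAX_USER` and the message text are assumptions for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

#define MAX_USER 64   /* assumed cap on the logged username length */

/* VULNERABLE shape (comment only, not compiled): the client-supplied
 * username lands inside the format string, so syslog() interprets any
 * conversion specifier it contains.
 *
 *     snprintf(msg, sizeof msg, "Failed login for user %s", user);
 *     syslog(LOG_AUTH | LOG_WARNING, msg);
 */

/* Hardened form: the username is bounded, non-printable bytes are
 * replaced with '?', and the result is only ever an argument to a
 * constant format. The record is also left in `out` for inspection.
 * Returns the record length, or -1 on bad arguments. */
int log_failed_login(const char *user, char *out, size_t out_len)
{
    char clean[MAX_USER + 1];
    size_t i;
    int n;

    if (user == NULL || out == NULL || out_len == 0)
        return -1;
    for (i = 0; i < MAX_USER && user[i] != '\0'; i++)
        clean[i] = isprint((unsigned char)user[i]) ? user[i] : '?';
    clean[i] = '\0';

    n = snprintf(out, out_len, "Failed login for user %s", clean);
    if (n < 0)
        return -1;
    if ((size_t)n >= out_len)          /* snprintf truncated the record */
        n = (int)out_len - 1;
    syslog(LOG_AUTH | LOG_WARNING, "%s", out);   /* constant format */
    return n;
}

int main(void)
{
    char rec[128];
    /* Constructed sample input: a username made of format specifiers. */
    log_failed_login("%x%x%n", rec, sizeof rec);
    printf("%zu bytes: %s\n", strlen(rec), rec);
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang warn on the commented-out call shape wherever it appears in real code.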