Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

CVE-2010-1454: SpringSource tc Server unauthenticated remote access to JMX interface
From: s2-security <s2-security () vmware com>
Date: Mon, 17 May 2010 09:14:15 -0700

CVE-2010-1454: SpringSource tc Server unauthenticated remote access to JMX interface

Severity: Critical

Vendor:
SpringSource, a division of VMware

Versions Affected:
tc Server Runtime 6.0.19.A, 6.0.20.A, 6.0.20.B, 6.0.20.C, 6.0.25.A

Description:
A problem has been identified in the com.springsource.tcserver.serviceability.rmi.JmxSocketListener. If the listener is 
configured to use an encrypted password ( i.e. the password is prefaced with s2enc:// ) then entering either the 
correct password or an empty string will allow authenticated access to the JMX interface. The JMX interface is not 
remotely accessible by default but may be configured for remote access by setting the address attribute.

Mitigation:
All users are recommended to immediately switch to non-encrypted passwords for the JMX interface or to disable the JMX 
interface.
Users wishing to continue to use the JMX interface with encrypted passwords should upgrade the tc Server Runtime to 
6.0.20.D or 6.0.25.A-SR01 (included in tc Server 2.0.0.SR01) available from the SpringSource support portal (for 
customers with support contracts) or the SpringSource download centre.

Credit:
This vulnerability was discovered by Erhan Baz at Yapi Kredi.

References:
[1] http://www.springsource.com/security/tc-server

Mark Thomas
SpringSource Security Team

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • CVE-2010-1454: SpringSource tc Server unauthenticated remote access to JMX interface s2-security (May 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]