CVE-2004-0715
CVSS 5.1
Published: 2004-07-27 00:00:00
Revised: 2008-09-05 16:39:12

[Original] The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges.


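[CNNVD] BEA WebLogic Authentication Provider Privilege Inheritance Vulnerability (CNNVD-200407-060)

        BEA Systems WebLogic comprises a range of application integration solutions, including Server, Express and Integration.
        The Authentication provider included in BEA WebLogic Server has a security issue that a local attacker can exploit to gain unauthorized administrative access.
        The issue arises when a security realm is configured with the WebLogic Authentication provider as the default authentication provider and the following sequence of events occurs:
        1. The system administrator creates a group (for example, Group1).
        2. The system administrator then creates the group Group2.
        3. The system administrator makes Group1 a member of Group2.
        4. The system administrator deletes Group2 and then creates it again.
        Although Group2 is a new group, it still has the members of Group1; if Group1 has administrative privileges, the new Group2 likewise has administrator privileges. This may result in unauthorized access.
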

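- CVSS (Base Score)

CVSS score: 5.1 [MEDIUM]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Access complexity: HIGH [exploitation requires specific access conditions]
Access vector: [--]
Authentication: NONE [exploitation requires no authentication]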

- CPE (Affected platforms and products)

cpe:/a:bea:weblogic_server:7.0::win32
cpe:/a:bea:weblogic_server:8.1:sp1:express  BEA Systems WebLogic Express 8.1 SP1
cpe:/a:bea:weblogic_server:7.0:sp1
cpe:/a:bea:weblogic_server:7.0  BEA Systems WebLogic Server 7.0
cpe:/a:bea:weblogic_server:7.0:sp2
cpe:/a:bea:weblogic_server:7.0:sp1:win32
cpe:/a:bea:weblogic_server:8.1:sp2:express  BEA Systems WebLogic Express 8.1 SP2
cpe:/a:bea:weblogic_server:8.1:sp1:win32  BEA Systems WebLogic Server 8.1 SP1 Win32
cpe:/a:bea:weblogic_server:8.1::win32
cpe:/a:bea:weblogic_server:8.1:sp2:win32  BEA Systems WebLogic Server 8.1 SP2 Win32
cpe:/a:bea:weblogic_server:8.1::express
cpe:/a:bea:weblogic_server:7.0:sp1:express
cpe:/a:bea:weblogic_server:8.1:sp1  BEA Systems WebLogic Server 8.1 SP1
cpe:/a:bea:weblogic_server:7.0:sp4
cpe:/a:bea:weblogic_server:7.0:sp4:win32
cpe:/a:bea:weblogic_server:7.0:sp2:express
cpe:/a:bea:weblogic_server:7.0::express
cpe:/a:bea:weblogic_server:7.0:sp3:express
cpe:/a:bea:weblogic_server:7.0:sp2:win32
cpe:/a:bea:weblogic_server:7.0:sp3:win32
cpe:/a:bea:weblogic_server:8.1:sp2  BEA Systems WebLogic Server 8.1 SP2
cpe:/a:bea:weblogic_server:7.0:sp4:express
cpe:/a:bea:weblogic_server:7.0:sp3
cpe:/a:bea:weblogic_server:8.1  BEA Systems WebLogic Server 8.1

- OVAL (Technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0715
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0715
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200407-060
(Official data source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/470470
(VENDOR_ADVISORY)  CERT-VN  VU#470470
http://www.securityfocus.com/bid/10130
(VENDOR_ADVISORY)  BID  10130
http://xforce.iss.net/xforce/xfdb/15861
(VENDOR_ADVISORY)  XF  weblogic-authentication-gain-privileges(15861)
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_52.01.jsp
(UNKNOWN)  CONFIRM  http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_52.01.jsp
http://www.osvdb.org/5299
(UNKNOWN)  OSVDB  5299
http://securitytracker.com/id?1009763
(UNKNOWN)  SECTRACK  1009763
http://secunia.com/advisories/11356
(UNKNOWN)  SECUNIA  11356

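- Vulnerability information

BEA WebLogic Authentication Provider Privilege Inheritance Vulnerability
Medium severity  Access validation error
2004-07-27 00:00:00 2005-10-20 00:00:00
Remote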
        
        

- Advisories and patches

        Vendor patch:
        BEA Systems
        -----------
        The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's site:
        WebLogic Server and WebLogic Express version 8.1:
        Upgrade to WebLogic Server and WebLogic Express version 8.1 Service Pack 2
        ftp://ftpna.beasys.com/pub/releases/security/wlSecurityProviders81.jar
        For WebLogic Server and WebLogic Express version 7.0, upgrade to Service Pack 5:

        http://commerce.beasys.com/downloads/weblogic_server.jsp#wls

- Vulnerability information

16841
BEA WebLogic Authentication Provider Unspecified Privilege Escalation
Local Access Required Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability description

WebLogic Authentication provider contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue exists because member relationships are not properly cleared when a group is deleted. A new group with the same name will unintentionally be granted the privileges of the legacy group. This flaw may lead to a loss of integrity.

- Timeline

2005-04-13 Unknown
2005-04-13 Unknown

- Solution

For WebLogic Server and Express 7.0, upgrade to version 7.0 SP5 or higher, and for WebLogic Server and Express 8.1, upgrade to version 8.1 SP3 or higher as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

BEA WebLogic Authentication Provider Privilege Inheritance Vulnerability
Access Validation Error 10130
Yes No
2004-04-13 12:00:00 2009-07-12 04:06:00
This issue was announced in the referenced vendor advisory.

- Affected program versions

BEA Systems WebLogic Server for Win32 8.1 SP 2
BEA Systems WebLogic Server for Win32 8.1 SP 1
BEA Systems WebLogic Server for Win32 8.1
BEA Systems WebLogic Server for Win32 7.0 SP 4
BEA Systems WebLogic Server for Win32 7.0 SP 3
BEA Systems WebLogic Server for Win32 7.0 SP 2
BEA Systems WebLogic Server for Win32 7.0 SP 1
BEA Systems WebLogic Server for Win32 7.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
BEA Systems Weblogic Server 8.1 SP 2
BEA Systems Weblogic Server 8.1 SP 1
BEA Systems Weblogic Server 8.1
BEA Systems Weblogic Server 7.0 SP 4
BEA Systems Weblogic Server 7.0 SP 3
BEA Systems Weblogic Server 7.0 SP 2
BEA Systems Weblogic Server 7.0 SP 1
BEA Systems Weblogic Server 7.0
- HP HP-UX 11.0
- HP HP-UX 11i v1
- IBM AIX 4.3.3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- RedHat Linux 7.1 i386
- RedHat Linux 6.2 i386
- Sun Solaris 8_sparc
- Sun Solaris 2.7_sparc
- Sun Solaris 2.6_sparc
BEA Systems WebLogic Express for Win32 8.1 SP 2
BEA Systems WebLogic Express for Win32 8.1 SP 1
BEA Systems WebLogic Express for Win32 8.1
BEA Systems WebLogic Express for Win32 7.0 SP 4
BEA Systems WebLogic Express for Win32 7.0 SP 3
BEA Systems WebLogic Express for Win32 7.0 SP 2
BEA Systems WebLogic Express for Win32 7.0 SP 1
BEA Systems WebLogic Express for Win32 7.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
BEA Systems WebLogic Express 8.1 SP 2
BEA Systems WebLogic Express 8.1 SP 1
BEA Systems WebLogic Express 8.1
BEA Systems WebLogic Express 7.0 SP 4
BEA Systems WebLogic Express 7.0 SP 3
BEA Systems WebLogic Express 7.0 SP 2
BEA Systems WebLogic Express 7.0 SP 1
BEA Systems WebLogic Express 7.0
- HP HP-UX 11.0
- HP HP-UX 11i v1
- IBM AIX 4.3.3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- RedHat Linux 7.1 i386
- RedHat Linux 6.2 i386
- Sun Solaris 8_sparc
- Sun Solaris 2.7_sparc
- Sun Solaris 2.6_sparc
BEA Systems WebLogic Server for Win32 7.0 SP 5
BEA Systems Weblogic Server 7.0 SP 5
BEA Systems WebLogic Express for Win32 7.0 SP 5
BEA Systems WebLogic Express 7.0 SP 5

- Unaffected program versions

BEA Systems WebLogic Server for Win32 7.0 SP 5
BEA Systems Weblogic Server 7.0 SP 5
BEA Systems WebLogic Express for Win32 7.0 SP 5
BEA Systems WebLogic Express 7.0 SP 5

- Vulnerability discussion

BEA WebLogic Server and Express are prone to an issue that may cause administrative privileges to be inherited by a secondary group that these permissions have not been explicitly granted to. This issue exists in the default Authentication provider and may allow for unauthorized administrative access to a security realm.

- Exploit

Exploit code would not be required for this issue although it may occur inadvertently when an administrator is deleting and creating new groups.

- Solution

BEA Systems has released SECURITY ADVISORY (BEA04-52.01), which supersedes the initial BEA04-52.00 advisory. This advisory includes updated resolution information for WebLogic 8.1.

Users of WebLogic 7.0 are advised to upgrade to WebLogic 7.0 SP 5. Patch information has also been provided for WebLogic 8.1 SP 2. Users of WebLogic 8.1 will be required to upgrade to SP 2 before applying the available patch. Please see the attached advisory for further details.

- Related references

 

 
