CVE-2006-2513
CVSS7.5
发布时间 :2006-05-22 17:06:00
修订时间 :2011-03-07 21:36:20
NMCOS    

[原文]Unspecified vulnerability in the installation process in Sun Java System Directory Server 5.2 causes wrong user data to be written to a file created by the installation, which allows remote attackers or local users to gain privileges.


[CNNVD]Sun Java 系统目录服务器 认证绕过漏洞(CNNVD-200605-413)

        Sun Java系统目录服务器是Java企业系统的一个组件,为企业管理大量用户信息提供用户管理基础架构。
        Sun Java系统目录服务器5.2版本中的安全漏洞可能允许本地或远程用户通过登录到目录服务器控制台获得对目录服务器的非授权管理访问。
        这个漏洞取决于目录服务器产品在初始安装时所使用的版本。如果初始安装是从受影响版本进行的,就会将错误的用户数据输入到管理服务器例程安装过程中所创建的文件中,之后将产品升级到不受影响版本也无法修复这个漏洞。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:sun:java_system_directory_server:5.2:2004q2Sun Java System Directory Server 5.2 2004Q2
cpe:/a:sun:java_system_directory_server:5.2:2005q1Sun Java System Directory Server 5.2 2005Q1
cpe:/a:sun:java_system_directory_server:5.2:2005q4Sun Java System Directory Server 5.2 2005Q4
cpe:/a:sun:java_system_directory_server:5.2:2003q4Sun Java System Directory Server 5.2 2003Q4
cpe:/a:sun:java_system_directory_server:5.2Sun Java System Directory Server 5.2

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2513
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2513
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200605-413
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/xforce/xfdb/26477
(PATCH)  XF  sun-java-unauth-access(26477)
http://www.securityfocus.com/bid/18018
(PATCH)  BID  18018
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102345-1
(PATCH)  SUNALERT  102345
http://securitytracker.com/id?1016112
(PATCH)  SECTRACK  1016112
http://secunia.com/advisories/20144
(VENDOR_ADVISORY)  SECUNIA  20144
http://www.vupen.com/english/advisories/2006/1832
(UNKNOWN)  VUPEN  ADV-2006-1832

- 漏洞信息

Sun Java 系统目录服务器 认证绕过漏洞
高危 资料不足
2006-05-22 00:00:00 2006-05-23 00:00:00
远程※本地  
        Sun Java系统目录服务器是Java企业系统的一个组件,为企业管理大量用户信息提供用户管理基础架构。
        Sun Java系统目录服务器5.2版本中的安全漏洞可能允许本地或远程用户通过登录到目录服务器控制台获得对目录服务器的非授权管理访问。
        这个漏洞取决于目录服务器产品在初始安装时所使用的版本。如果初始安装是从受影响版本进行的,就会将错误的用户数据输入到管理服务器例程安装过程中所创建的文件中,之后将产品升级到不受影响版本也无法修复这个漏洞。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102345-1

- 漏洞信息

25575
Sun Java System Directory Server Console Authentication Bypass
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2006-05-16 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Sun Java System Directory Server Authentication Bypass Vulnerability
Unknown 18018
Yes Yes
2006-05-17 12:00:00 2012-01-11 05:00:00
This issue was disclosed by the vendor.

- 受影响的程序版本

Sun Java System Directory Server 5.2 Patch4
Sun Java System Directory Server 5.2 Patch3
Sun Java System Directory Server 5.2 Patch2
Sun Java System Directory Server 5.2 2005Q4
Sun Java System Directory Server 5.2 2005Q1
Sun Java System Directory Server 5.2 2004Q2
Sun Java System Directory Server 5.2 2003Q4
Sun Java System Directory Server 5.2
Blue Coat Systems Policy Center 8.7
Blue Coat Systems Policy Center 8.6
Blue Coat Systems Policy Center 0
Blue Coat Systems Policy Center 8.7.2

- 不受影响的程序版本

Blue Coat Systems Policy Center 8.7.2

- 漏洞讨论

Sun Java System Directory Server is susceptible to an authentication-bypass vulnerability. This issue is due to an unspecified flaw in the application's installation process.

This issue allows local and remote attackers to gain administrative access to the affected service by logging into the Directory Server console. This may aid them in further attacks. Once attackers have administrative access to the directory server, they may alter data stored there; this data is used by other network services that depend on the directory server for authentication.

Sun Java System Directory Server version 5.2, and version 5.2 patchsets 2, 3, and 4 are vulnerable. If patchset 4 was not installed as an incremental package, it will not be affected. After this issue has been triggered, further installation of fixed packages will not resolve this issue.

- 漏洞利用

To exploit this issue, attackers use the directory server console.

- 解决方案

The vendor has released Sun Alert ID 102345, along with manual workaround information to address this issue. Please see the referenced advisory for more information.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站