|
|
n.runs-SA-2007.007 Sun Microsystems, Inc., Java Web Console Format string vulnerability
n.runs AG
http://www.nruns.com
n.runs-SA-2007.007
security(at)nruns.com
18-Apr-2007
* * *
Vendor: Sun Microsystems, Inc., http://www.sun.com
Affected Products: Solaris 10, Java Web Console 2.2.2 - 2.2.5
Vulnerability: Format string vulnerability
Risk: HIGH
CVE ID: CVE-2007-1681
Sun Alert ID: 102854
SUN bug ID: 6505096
Vendor communication:
| 2006/12/10 | Initial notification of the Sun Security Coordination Team. |
| 2006/12/15 | Sending reminder. |
| 2006/12/15 | Sun provides feedback about the further procedure. |
| 2006/12/23 | Sun confirms vulnerability and assigns bug ID. |
| 2007/02/06 | Requesting update. |
| 2007/02/07 | Sun provides feedback. Fix for the most recent version ready. |
| 2007/02/14 | Sun informs n.runs that the fix for Sun Java Web Console 2.2.4 has been approved and will soon be integrated. Fixes were identified for all other vulnerable versions. |
| 2007/03/05 | Requesting update. |
| 2007/03/07 | Sun awaits patch generation and the start of testing cycles. |
| 2007/03/20 | Sun informs n.runs that patches will be released for Solaris 10. Unbundled versions have to be upgraded to version 2.2.6. |
| 2007/03/25 | Requesting Sun Alert draft. |
| 2007/03/31 | Sun sends draft of Sun Alert. Patches have been completed and the upgrade release is in work. |
| 2007/04/14 | Sun sents public disclosure date. |
Systems Affected:
According to the Sun Security Coordination Team, Solaris 10 Operating System,
Sun Java Web Console 2.2.2, Sun Java Web Console 2.2.3, Sun Java Web Console
2.2.4 and Sun Java Web Console 2.2.5 are affected.
The existence of the vulnerability was verified by n.runs on fully-patched
installations of Solaris 10 6/06 on SPARC and x86 Platform running Sun Java
Web Console 2.2.4.
Overview:
A remote exploitable format string vulnerability has been identified in the in
the Sun Java Web Console [1].
Description:
The Sun Java Web Console is vulnerable to a format string vulnerability.
The root cause of the format string vulnerability lies in the logging of failed
logins, therefore this vulnerability is exploitable by unauthenticated remote
users.
The vulnerability exists as the libc syslog function is called in
/usr/lib/libwebconsole_services.so with two (2) instead of at least three (3)
arguments which enables an attacker to influence the message buffer.
Impact:
The exploitation of this vulnerability may result in unauthorised remote code
execution or cause a denial of service condition by crashing the Java Web
Console service.
Solution:
Update to Sun Java Web Console 2.2.6 or later.
Patches for Solaris 10 were released by SUN Microsystems to address this issue,
a workaround designed by Sun Microsystems is available. [2]
Credit:
Vulnerability found by Frank Dick of n.runs AG.
Additional credits to Felix Lindner of Sabre Labs GmbH for supporting the
vulnerability research.
References:
[1] http://docs.sun.com/app/docs/doc/817-1985/6mhm8o5kh?a=view
[2] http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1
Unaltered electronic reproduction of this advisory is permitted.
For all other reproduction or publication, in printing or otherwise, contact security@nruns.com for permission.
Use of the advisory constitutes acceptance for use in an "as is" condition.
All warranties are excluded. In no event shall n.runs be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if n.runs has been advised of the possibility of such damages.
Copyright 2007 n.runs AG. All rights reserved. Terms of apply. |
|
 |
|
23. January 2012:
Corporate News
+++ Vitec Holdings GmbH has acquired a majority stake in n.runs AG (75% plus 1 of the outstanding shares of n.runs AG)
* * *
28. December 2011:
Security Advisory
+++ : n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table
* * *
09. November 2011:
Corporate News
+++Addition to the n.runs' Managing Board Stefan Tewes strengthens the
n.runs Managing Board/Vorstand
* * *
02. November 2011:
Corporate News
+++ Holger Follmann completes Supervisory Board of the n.runs AG
* * *
13. October 2011:
Corporate News
+++Revenue of EUR 2,18 Mio achieved in first half year (1st half-year 2010:EUR 2,94 Mio)
+++Modification of the outlook for the business year 2011 based on rescheduled projects. -
Projected 2011 revenue reduced but a profitable result for 2011 are expected.
* * *
29. Juli 2011:
Security Advisory
n.runs-SA-2011.001 - Citrix XenApp / XenDesktop XML Service Stack-Based Buffer Overflow
n.runs-SA-2011.002 - Citrix XenApp / XenDesktop XML Service Heap Corruption
* * *
June 9, 2011:
Corporate News
Change in Supervisory Board
+++ Chairman of the Supervisory Board Günther Paul Löw has resigned from his position
+++ Holger Follmann proposed for the Supervisory Board
* * *
May 27, 2011:
Corporate News
Capital Increase successfully placed
+++Share capital increased by 7 % to 1.425.000 Euro
+++Gross issuing proceeds of 0.3 Mio Euro serves for the expansion of new business area “n.sure”
* * *
November 26, 2010:
Security Advisory
n.runs-SA-2010.003 - HP LaserJet MFP Device PJL Directory Traversal
* * *
November 08, 2010:
Sucess Story
Germanwings successfully tested their web applications with the n.sure service by n.runs AG
* * *
September 20, 2010:
Security Advisory
n.runs-SA-2010.001 - Alcatel-Lucent - unauthenticated administrative access
to CTI CCA Server
* * *
September 20, 2010:
Security Advisory
n.runs-SA-2010.002 - Alcatel-Lucent - arbitrary code execution at OmniVista 4760
* * *
August 11, 2010:
Corporate News
n.runs publishes the half-year report 2010 which confirms the forecast for the total year 2010
+++ Revenues amounting to EUR 2.94 Million generated, exceeding the previous year’s level by about 9 %
+++ EBIT improves to EUR 0.1 Million (half-year 2009: EUR - 0.48 Million)
+++ Tight cost and liquidity management successfully carried out
+++ Focus on consulting as the core business induces high order entry and continuous acquisition of new customers
* * *
June 16, 2010:
Corporate News
n.runs publishes 2009 Annual Report with outlook to the business year 2010
+++ Revenues amounting to EUR 5.66 Million generated
+++ EBIT improves to EUR -0.32 Million (previous year: EUR - 0.80 Million)
+++ Tight cost and liquidity management successfully implemented
+++Outlook to Business Year 2010: Revenue: EUR 6.50 Million, EBIT EUR 0.40 Million
* * *
5. January 2010:
press release
German Consulting Specialist n.runs AG expands their
portfolio with an “On Demand” Penetration Testing Platform
in cooperation with Indian Supplier iViZ
Security
* * *
11. December 2009:
Corporate News
New n.runs Supervisory Board Elected
+++ New Supervisory Board is confirmed at the 2009 Annual Shareholder Meeting
+++ Günther Paul Löw is chosen as the Chairman of the Supervisory Board
+++ Ralph-Peter Quetz is chosen as the Vice Chairman
* * *
4. September 2009:
Corporate News
n.runs publishes 2008 Annual Report
Revenues increase by 22 Percent to EUR 6,70 Million
+++ EBIT improves by EUR 0,21 Million to EUR -0,80 Millionen
+++ Concentration on profitable Consulting Business
* * *
27 February 2009:
Corporate News
n.runs makes capital increase placement
+++ Subscribed capital increased by 8.7 percent
+++ Funds inflow to be used for reorganization and further growth in consulting
+++ Spin-off of the software solution aps-AV® planned
* * *
17 Dec 2008:
Advisory: Opera HTML parsing flaw lead to remote code execution
* * *
27 Oct 2008:
Advisory: Eaton MGE OPS Network Shutdown Moduleauthentication bypass and code execution
* * *
21 Oct 2008:
Advisory: Internet Explorer HTML Object Memory Corruption
* * *
30 September 2008:
Corporate News
Figures from the first half of 2008 confirm expansion
+++ Revenues increase by around 30 percent to EUR 3.32m EBITDA improved
+++ by EUR 0.27m to EUR -0.35m Profit impacted by software investments,
+++ consulting profitable Outlook 2008
* * *
17 Sep 2008:
Corporate News
Microsoft selects n.runs as a member of the new program Microsoft Secure Development Lifecycle Pro Network
+++ n.runs AG exclusive member of Microsoft SDL Pro Network
+++ Only member of the MS SDL Pro Network on the European mainland
+++ Medium-term contribution to revenues in excess of 10 percent planned * * *
10 Sep 2008:
Advisory alert:
Cross-Site Scripting Filter Evasion in various frameworks
* * *
10 Sep 2008:
Advisory alert:
Horde Framework Cross-Site Scripting in filename MIME attachments
* * *
26 Aug 2008:
Press-release
IT Security for Governments and Military Organizations:
n.runs and Thales Now Co-operating
* * *
25 Aug 2008:
Press-release
Growing threat:
serious attacks on E-Mail-/AV systems constantly increasing n.runs introduces aps-AV – Protective cover for antivirus software
| |
|
