CVE-2010-1454: SpringSource tc Server unauthenticated remote access to JMX 
interface

Severity: Critical

Vendor:
SpringSource, a division of VMware

Versions Affected:
tc Server Runtime 6.0.19.A, 6.0.20.A, 6.0.20.B, 6.0.20.C, 6.0.25.A

Description:
A problem has been identified in the 
com.springsource.tcserver.serviceability.rmi.JmxSocketListener. If the listener 
is configured to use an encrypted password ( i.e. the password is prefaced with 
s2enc:// ) then entering either the correct password or an empty string will 
allow authenticated access to the JMX interface. The JMX interface is not 
remotely accessible by default but may be configured for remote access by 
setting the address attribute.

Mitigation:
All users are recommended to immediately switch to non-encrypted passwords for 
the JMX interface or to disable the JMX interface.
Users wishing to continue to use the JMX interface with encrypted passwords 
should upgrade the tc Server Runtime to 6.0.20.D or 6.0.25.A-SR01 (included in 
tc Server 2.0.0.SR01) available from the SpringSource support portal (for 
customers with support contracts) or the SpringSource download centre.

Credit:
This vulnerability was discovered by Erhan Baz at Yapi Kredi.

References:
[1] http://www.springsource.com/security/tc-server

Mark Thomas
SpringSource Security Team

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Reply via email to