Apache Geronimo RMI Classloader Security Bypass Vulnerability

Vulnerability ID: 1167227    Vulnerability type: Code injection
Published: 2013-07-01    Updated: 2013-07-16
CVE ID: CVE-2013-1777    CNNVD ID: CNNVD-201307-039
Platform: N/A    CVSS score: 10.0
|Vulnerability sources
https://www.securityfocus.com/bid/60875
https://cxsecurity.com/issue/WLB-2013070013
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201307-039
|Vulnerability details
IBM WebSphere Application Server (WAS) is an application server product developed and distributed by IBM. Apache Geronimo is an open-source J2EE server from the Apache Software Foundation, notable for its scalability and configuration management. The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WAS Community Edition 3.0.0.3 and other products, contains a vulnerability caused by an incorrectly implemented RMI classloader. A remote attacker can send a crafted serialized object through the JMX connector to take control of the system and execute arbitrary code.
|Vulnerability EXP
CVE-2013-1777: Apache Geronimo 3 RMI classloader exposure

Severity: Important

Vendor:
The Apache Software Foundation

Version Affected:
Apache Geronimo 3.0
Apache Geronimo 3.0 Beta 1
Apache Geronimo 3.0 M1

Description:
A misconfigured RMI classloader in Apache Geronimo 3.0 may enable an attacker to
send a serialized object via JMX that could compromise the system.

Mitigation:
Geronimo 3.0, Beta 1 or M1 users are strongly encouraged to upgrade to Geronimo 3.0.1.
Remote exploits can be prevented by hiding the naming (1099) and JMX (9999) ports
behind a firewall or binding the ports to a local network interface.

Credit:
This issue was discovered by Pierre Ernst of IBM Canada Ltd.

References:
http://geronimo.apache.org/security-reports.html
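The mitigation section of the advisory above says remote exploitation is prevented by firewalling the naming (1099) and JMX (9999) ports or binding them to a local interface. The following script, an added example that is not part of the advisory or of the Geronimo project, checks that advice against `ss -ltn` output: it parses the listening sockets and reports any 1099/9999 listener that is bound to something other than a loopback address. The sample output embedded below is constructed, not captured from a real host, and the port-to-service mapping is taken from the advisory text.

```python
import ipaddress
import re

# Ports named in the Geronimo advisory: RMI naming (1099) and JMX (9999).
GERONIMO_REMOTE_PORTS = {1099: "RMI naming", 9999: "JMX connector"}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:1099         0.0.0.0:*
LISTEN  0       128     127.0.0.1:9999       0.0.0.0:*
LISTEN  0       128     [::]:9999            [::]:*
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
"""

# Local Address:Port column: either "[v6addr]:port" or "v4addr:port" / "*:port".
_LOCAL_RE = re.compile(r"^(\[(?P<v6>[^\]]+)\]|(?P<v4>[^:\s]+)):(?P<port>\d+)$")


def parse_listeners(ss_output):
    """Return (address, port) for each LISTEN row; address is '*' for a wildcard bind."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header row or non-listening socket
        match = _LOCAL_RE.match(fields[3])
        if not match:
            continue  # unexpected column layout; skip rather than guess
        addr = match.group("v6") or match.group("v4")
        listeners.append((addr, int(match.group("port"))))
    return listeners


def is_local_only(addr):
    """True when the socket is bound to a loopback address (the advisory's 'local interface')."""
    if addr == "*":
        return False  # wildcard bind reaches every interface
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparseable address: treat as exposed so it gets reviewed
    return ip.is_loopback


def exposed_geronimo_ports(ss_output):
    """List (port, service, address) for 1099/9999 listeners reachable beyond loopback."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        if port in GERONIMO_REMOTE_PORTS and not is_local_only(addr):
            findings.append((port, GERONIMO_REMOTE_PORTS[port], addr))
    return findings


if __name__ == "__main__":
    # On a real host: ss -ltn | python3 this_script.py  (read sys.stdin instead)
    for port, service, addr in exposed_geronimo_ports(SAMPLE_SS_OUTPUT):
        print(f"EXPOSED: {service} on {addr}:{port} - bind to loopback or firewall it")
```

On the sample above the script flags the RMI naming listener on `0.0.0.0:1099` and the IPv6 wildcard JMX listener on `[::]:9999`, while the `127.0.0.1:9999` listener passes; note that `0.0.0.0` and `::` are unspecified addresses, not loopback, so a wildcard bind is correctly reported as exposed.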
|Affected products
IBM WebSphere Application Server Community Edition 3.0.0.3
Apache Geronimo 3.0 M1
Apache Geronimo 3.0 Beta 1
Apache Geronimo 3.0
|References

Source: issues.apache.org
Link: https://issues.apache.org/jira/browse/GERONIMO-6477
Source: www-01.ibm.com
Link: http://www-01.ibm.com/support/docview.wss?uid=swg21643282
Source: geronimo.apache.org
Link: http://geronimo.apache.org/30x-security-report.html
Source: BUGTRAQ
Name: 20130701 [SECURITY] CVE-2013-1777: Apache Geronimo 3 RMI classloader exposure
Link: http://archives.neohapsis.com/archives/bugtraq/2013-07/0008.html
Source: BID
Name: 60875
Link: http://www.securityfocus.com/bid/60875