
====================================================================

                             CERT-Renater

                  Information Note No. 2012/VULN219
____________________________________________________________________

DATE                : 21/05/2012

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running HP Business Service Management
                          versions up to and including 9.12.

======================================================================
http://www.kb.cert.org/vuls/id/859230
______________________________________________________________________

Vulnerability Note VU#859230

HP Business Service Management 9.12 remote code execution vulnerability

Original Release date: 16 May 2012 | Last revised: 16 May 2012

Overview
The HP Business Service Management (HPBSM) application contains a
remote code execution vulnerability. Version 9.12 has been reported
to be affected but other versions may also be affected.


Description

HPBSM uses the JBoss application server. In the default configuration,
HPBSM exposes open ports that an unauthenticated attacker may be able
to reach. The attacker can upload a JSP shell as a .war file and have
the JBoss application server deploy it as a service. In the default
configuration, this attacker shell will run with SYSTEM privileges.


Impact

An unauthenticated attacker may be able to deploy a backdoor shell
with SYSTEM privileges.


Solution

We are currently unaware of a practical solution to this problem.

Please consider the following workarounds.

Restrict Access

Implement appropriate firewall rules to block traffic from
untrusted sources to TCP ports 4444, 1098, and 1099.
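
One way to verify that the workaround above is in effect, as an added
example that is not part of the original advisory: it scans firewall
connection records for allowed connections from sources outside a trusted
list to TCP ports 4444, 1098 and 1099 on the BSM servers. The log layout,
all addresses and the function name are assumptions; the sample records
are constructed.

```python
import ipaddress
import re

# Ports named in the workaround above.
HPBSM_JBOSS_PORTS = {4444, 1098, 1099}

# Hypothetical log layout (an assumption, adapt to your firewall's export):
# <timestamp> <ALLOW|DROP> TCP <src_ip>:<src_port> -> <dst_ip>:<dst_port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DROP)\s+TCP\s+"
    r"(?P<src>[0-9.]+):\d+\s+->\s+(?P<dst>[0-9.]+):(?P<dport>\d+)$"
)

def find_untrusted_access(lines, trusted_cidrs, bsm_hosts):
    """Return allowed connections from untrusted sources to the BSM ports."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    servers = {ipaddress.ip_address(h) for h in bsm_hosts}
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed or non-TCP records
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # syntactically plausible but invalid address
        port = int(m["dport"])
        if m["action"] != "ALLOW" or port not in HPBSM_JBOSS_PORTS or dst not in servers:
            continue  # dropped by the rule, other port, or not a BSM server
        if any(src in net for net in trusted):
            continue  # source is on the trusted list
        findings.append((m["ts"], str(src), str(dst), port))
    return findings

# Constructed sample records (not real traffic).
SAMPLE_LOG = """\
2012-05-21T09:00:01Z ALLOW TCP 10.20.0.15:50122 -> 10.20.0.40:1099
2012-05-21T09:00:07Z ALLOW TCP 192.0.2.77:41830 -> 10.20.0.40:4444
2012-05-21T09:00:09Z DROP TCP 198.51.100.9:40211 -> 10.20.0.40:1098
2012-05-21T09:00:12Z ALLOW TCP 192.0.2.77:41831 -> 10.20.0.40:8080
2012-05-21T09:00:15Z ALLOW TCP 203.0.113.5:39000 -> 10.20.0.40:1098
garbage line
""".splitlines()

if __name__ == "__main__":
    for hit in find_untrusted_access(SAMPLE_LOG, ["10.20.0.0/16"], ["10.20.0.40"]):
        print("untrusted source reached BSM port:", hit)
```

Any record returned means an untrusted source was allowed through to one
of the three ports, so the firewall rule is missing or too permissive.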


Vendor Information

Vendor                    Status     Date Notified   Date Updated
Hewlett-Packard Company   Affected   02 Apr 2012     16 May 2012

CVSS Metrics
Group           Score   Vector
Base            10.0    AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal        9.0     E:H/RL:U/RC:UC
Environmental   9.0     CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND


References

http://www8.hp.com/us/en/software/software-solution.html?compURI=tcm:245-937035


Credit
Thanks to David Elze of Daimler TSS for reporting this vulnerability.
This document was written by Jared Allar.

Other Information
CVE IDs: CVE-2012-2561
Date Public: 16 May 2012
Date First Published: 16 May 2012
Date Last Updated: 16 May 2012
Document Revision: 17



======================================================================

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================
