CERT-In Advisory CIAD-2008-26
Multiple Vulnerabilities in Sun Java System Active Server Pages
Original issue June 05, 2008
Severity Rating: High
Systems Affected
Sun Java ASP Server 4.0.2 or earlier
Overview
Multiple vulnerabilities have been reported in Sun Java ASP Server that could be exploited by a remote attacker to take control of the affected system in the context of the logged-in user.
Description
1. Sun Java System ASP File Creation Vulnerability
(CVE-2008-2401)
This vulnerability is caused by improper input validation while processing a file by ASP applications. The file uses a function to control the content and the location of the file written. A remote attacker could exploit this vulnerability by appending to or creating a crafted new file on the vulnerable system and gain root privilege.
2. Sun Java System ASP Information Disclosure Vulnerability
(CVE-2008-2402)
This vulnerability is caused by the placement of password and configuration files under the web root with insufficient access control. It could be exploited by direct requests for the specific, sensitive documents, which allow a remote attacker to read password hashes or configuration data.
3. Sun Java System ASP Multiple Directory Traversal Vulnerabilities (CVE-2008-2403)
These vulnerabilities are caused because the Sun Java System ASP Server engine permits directory traversal with the "../" construct. A remote attacker could exploit these vulnerabilities via a specially crafted HTTP request to read or delete arbitrary files of the affected application.
4. Sun Java System ASP Buffer Overflow Vulnerability
(CVE-2008-2404)
This vulnerability is caused by an error while handling a request within the ASP server. The user-supplied request string is copied directly into a fixed-size buffer without first validating its size. An attacker could exploit this vulnerability via a specially crafted request to cause a stack-based buffer overflow. Successful exploitation allows execution of arbitrary code and denial of service.
5. Sun Java System ASP Multiple Command Injection Vulnerabilities (CVE-2008-2405)
These vulnerabilities exist in ASP applications due to improper filtering while handling shell commands. An attacker could exploit these vulnerabilities by using shell metacharacters in an HTTP request, which allows a remote attacker to execute arbitrary commands.
6. Sun Java System ASP Authentication Vulnerability
(CVE-2008-2406)
This vulnerability is caused by a design error in Sun Java System ASP. An attacker could exploit this vulnerability by connecting directly to the administration application server, bypassing the authentication mechanism introduced by the administration HTTP server.
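For reviewing web server access logs for requests matching the patterns in items 3 and 5 above ("../" traversal and shell metacharacters in the HTTP request), a scanner along the following lines can be used. This is an added example, not part of the original advisory or of any Sun tooling; the Common Log Format input, the sample log lines, the metacharacter set and all function names are assumptions.

```python
import re
from urllib.parse import unquote

# Request field of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A ".." path segment at the start, or after "/", "=", "&" or "?"
TRAVERSAL_RE = re.compile(r"(?:^|[/=&?])\.\.(?:/|$)")
# Assumed metacharacter set; "&" is left out because it separates query parameters
SHELL_META = set(";|`$<>\n")

# Constructed sample lines (documentation IP range, made-up paths)
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Jun/2008:10:00:01 +0530] "GET /index.asp HTTP/1.0" 200 512',
    '192.0.2.11 - - [05/Jun/2008:10:00:02 +0530] "GET /docs/../../conf/example.cfg HTTP/1.0" 200 90',
    '192.0.2.11 - - [05/Jun/2008:10:00:03 +0530] "GET /view.asp?f=%252e%252e%252fexample.cfg HTTP/1.0" 200 90',
    '192.0.2.12 - - [05/Jun/2008:10:00:04 +0530] "POST /tool.asp?host=example.test%3Bexample HTTP/1.0" 200 17',
    '192.0.2.13 - - [05/Jun/2008:10:00:05 +0530] "GET /files/report..2008.pdf HTTP/1.0" 200 4096',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(log_line):
    """Return a sorted list of findings for one access-log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return ["unparsed"]
    # Treat backslashes as path separators so "..\" is caught as well
    target = fully_decode(match.group("target")).replace("\\", "/")
    findings = set()
    if TRAVERSAL_RE.search(target):
        findings.add("traversal")
    if any(ch in SHELL_META for ch in target):
        findings.add("shell-metacharacter")
    return sorted(findings)

def scan(lines):
    """Return (line number, findings) for every line with at least one finding."""
    results = [(n, classify(line)) for n, line in enumerate(lines, start=1)]
    return [(n, found) for n, found in results if found]

if __name__ == "__main__":
    for lineno, found in scan(SAMPLE_LOG):
        print(lineno, ", ".join(found))
```

Applications that legitimately place ";" or "$" in URLs will need the metacharacter set tuned to avoid false positives.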
Solution
Update to Sun Java ASP Server 4.0.3.
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
Vendor Information
Sun Microsystems
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
References
Secunia
http://secunia.com/advisories/30523/
iDefense
http://labs.idefense.com/intelligence/vulnerabilities/
CVE-Name
CVE-2008-2401
CVE-2008-2402
CVE-2008-2403
CVE-2008-2404
CVE-2008-2405
CVE-2008-2406
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
