Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
|
|
|
Want to learn about SecurityTracker? We've got answers to frequently asked questions right here
|
|
|
|
|
|
|
|
|
|
|
HP ChaiVM Java Virtual Machine Access Control Flaws Let Users Add, Delete, and Modify Chai Services
|
|
SecurityTracker Alert ID: 1004859 |
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jul 27 2002
|
Impact: Modification of system information
|
Advisory: Phenoelit Group
|
Description: A vulnerability was reported in HP's ChaiVM Java virtual machine. A remote user can add additional Chai services. A local user (on the ChaiServer) can add, delete, or modify services.
Phenoelit Group reported two vulnerabilities. In one, a user with access to the file system that hosts ChaiVM may add, delete, or
modify services hosted by the ChaiServer. According to the report, this is particularly true when the file is accessible through
the network using printer job language (PJL) commands.
In another vulnerability, HP's advanced loader (EZloader, this.ez) reportedly
does not verify JAR signatures for new services. As a result, a remote user can add additional Chai services.
This reportedly
affects HP 9000, HP 4100, HP 45nn, HP 8150, and possibly other devices.
The vendor has reportedly been notified.
|
Impact: A remote user can add additional Chai services. A local user (on the ChaiServer) can add, delete, or modify services.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.hp.com/products1/embedded/products/platform/chaivm.html (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Linux (Red Hat), Windows (CE), Windows (NT)
|
Reported By: kim0 <kim0@phenoelit.de>
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Sat, 27 Jul 2002 15:53:14 +0200
From: kim0 <kim0@phenoelit.de>
Subject: Phenoelit Advisory #0815 +--
|
--------------010606090106080605040006
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
--
kim0 <kim0@phenoelit.de>
Phenoelit (http://www.phenoelit.de)
90C0 969C EC71 01DC 36A0 FBEF 2D72 33C0 77FC CD42
--------------010606090106080605040006
Content-Type: text/plain;
name="HP_Chai.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="HP_Chai.txt"
Phenoelit Advisory <wir-haben-auch-mal-was-gefunden #0815 +-->
[ Authors ]
FX <fx@phenoelit.de>
FtR <ftr@phenoelit.de>
kim0 <kim0@phenoelit.de>
DasIch <DasIch@phenoelit.de>
Phenoelit Group (http://www.phenoelit.de)
Advisory http://www.phenoelit.de/stuff/HP_Chai.txt
[ Affected Products ]
Hewlett Packard (HP) ChaiVM
HP 9000
HP 4100
HP 45nn
HP 8150
Possibly others using ChaiVM
HP Bug ID: Not assigned
CERT Vulnerability ID: 780747
[ Vendor communication ]
06/29/02 Initial Notification, security-alert@hp.com
*Note-Initial notification by phenoelit
includes a cc to cert@cert.org by default
06/29/02 RBL blocked delivery to security-alert@hp.com
06/29/02 Creation of ho-mail acocunt and resend
06/29/02 Auto-responder reply
07/01/02 Human contact, PGP exchange and ack.
07/01/02 Clarification of some details w/HP Sec people
07/19/02 Notification of intent to post publically in
apx. 7 days.
07/23/02 Coordination for release date/times
[ Overview ]
ChaiVM is used in networked appliances such as printers, mobile
computing devices, and other mobile or fixed networked embedded hardware.
[ Description ]
Two vulnerabilites exist.
1. Access to the file system hosting ChaiVM will allow any user to
add, delete, or modify services hosted by the ChaiServer.
This is especially appliciable in cases where the file is accessible
through the network using PJL.
2. The default loader (this.loader) will verify JAR signatures.
HP released an advanced loader (EZloader, this.ez), which in turn,
is signed by HP and does not verify signatures for new services.
The result of these vulnerabilites will allow any network user to
add additional Chai Services.
[ Example ]
Sample (exploit) code to be released after 30 July 2002 on site.
[ Solution ]
None known at this time.
[ end of file ]
--------------010606090106080605040006--
|
|
Go to the Top of This SecurityTracker Archive Page
|
