Exploit the possiblities

Mandriva Linux Security Advisory 2013-004

Mandriva Linux Security Advisory 2013-004
Posted Jan 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-004 - The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce values instead of nonce values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184. The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID. The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests. The updated packages have been patched to correct these issues.

tags | advisory, remote, web
systems | linux, mandriva
advisories | CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
MD5 | a004c77af965def72affb378ad7a2c27

Mandriva Linux Security Advisory 2013-004

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:004
http://www.mandriva.com/security/
_______________________________________________________________________

Package : tomcat5
Date : January 10, 2013
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilites has been found and corrected in tomcat5:

The replay-countermeasure functionality in the HTTP Digest Access
Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x
before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce)
values instead of nonce (aka server nonce) and nc (aka nonce-count)
values, which makes it easier for remote attackers to bypass intended
access restrictions by sniffing the network for valid requests,
a different vulnerability than CVE-2011-1184 (CVE-2012-5885).

The HTTP Digest Access Authentication implementation in Apache Tomcat
5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches
information about the authenticated user within the session state,
which makes it easier for remote attackers to bypass authentication
via vectors related to the session ID (CVE-2012-5886).

The HTTP Digest Access Authentication implementation in Apache Tomcat
5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not
properly check for stale nonce values in conjunction with enforcement
of proper credentials, which makes it easier for remote attackers
to bypass intended access restrictions by sniffing the network for
valid requests (CVE-2012-5887).

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5887
http://tomcat.apache.org/security-5.html
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
935ea1aaf1d25f4456ba83ce99db63bc mes5/i586/tomcat5-5.5.28-0.5.0.5mdvmes5.2.noarch.rpm
9844570f107eb192c8f2ea58192bb347 mes5/i586/tomcat5-admin-webapps-5.5.28-0.5.0.5mdvmes5.2.noarch.rpm
fd9368b9caf993e85d72b97fa53a6ca6 mes5/i586/tomcat5-common-lib-5.5.28-0.5.0.5mdvmes5.2.noarch.rpm
fca1d2dcaf9a512652ae60d24ef611ee mes5/i586/tomcat5-jasper-5.5.28-0.5.0.5mdvmes5.2.noarch.rpm
6ed9a7677dd8e0d4e71aa3a7d9b2b885 mes5/i586/tomcat5-jasper-eclipse-5.5.28-0.5.0.5mdvmes5.2.noarch.rpm
7e879ad00c1c2c590782a09a68cd7b70 mes5/i586/tomcat5-jasper-javadoc-5.5.28-0.5.0.5mdvmes5.2.noarch.rpm
25c982ceb5a544c8aae91c9cceb4caf0 mes5/i586/tomcat5-jsp-2.0-api-5.5.28-0.5.0.5mdvmes5.2.noarch.rpm
6f20f6d3f60ff3eb6b133515e9541b3e mes5/i586/tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.5mdvmes5.2.noarch.rpm
fb80972b920d7b6b25b2d4e962a9d2ac mes5/i586/tomcat5-server-lib-5.5.28-0.5.0.5mdvmes5.2.noarch.rpm
8b74bd76be82d12738e5b588d8df1cff mes5/i586/tomcat5-servlet-2.4-api-5.5.28-0.5.0.5mdvmes5.2.noarch.rpm
e511972010d64177d2ba7ed454e8947e mes5/i586/tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.5mdvmes5.2.noarch.rpm
fce151e02613993c6ff149cbb82400fd mes5/i586/tomcat5-webapps-5.5.28-0.5.0.5mdvmes5.2.noarch.rpm
d1175cae7e2aec4e9383144d3aa8ea84 mes5/SRPMS/tomcat5-5.5.28-0.5.0.5mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
d38d7f51ae6f7e64807856b862c40b75 mes5/x86_64/tomcat5-5.5.28-0.5.0.5mdvmes5.2.noarch.rpm
f7d63f858748a708c10acd8546b02b05 mes5/x86_64/tomcat5-admin-webapps-5.5.28-0.5.0.5mdvmes5.2.noarch.rpm
ca98317313a6ffff9123f77c5001e3d6 mes5/x86_64/tomcat5-common-lib-5.5.28-0.5.0.5mdvmes5.2.noarch.rpm
e2be9cad2d7ed9d7af3845c2d0aa55f9 mes5/x86_64/tomcat5-jasper-5.5.28-0.5.0.5mdvmes5.2.noarch.rpm
19627cae9df7af23408d42a439089c59 mes5/x86_64/tomcat5-jasper-eclipse-5.5.28-0.5.0.5mdvmes5.2.noarch.rpm
8a901bd98ebab0d2cdecf5d1e92f524a mes5/x86_64/tomcat5-jasper-javadoc-5.5.28-0.5.0.5mdvmes5.2.noarch.rpm
748e8d22caa1cca056f9dda523e64e62 mes5/x86_64/tomcat5-jsp-2.0-api-5.5.28-0.5.0.5mdvmes5.2.noarch.rpm
229b57db6d6664b53407b1b9a3995319 mes5/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.5mdvmes5.2.noarch.rpm
fd8bc83d41aa6ddabbb1097a9157c8e8 mes5/x86_64/tomcat5-server-lib-5.5.28-0.5.0.5mdvmes5.2.noarch.rpm
76ff8939382f1200a918b39677cd1de1 mes5/x86_64/tomcat5-servlet-2.4-api-5.5.28-0.5.0.5mdvmes5.2.noarch.rpm
5cb677220b4d423041c17aace76d31bd mes5/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.5mdvmes5.2.noarch.rpm
4d87e7273290e1bbaa04903c31d00b24 mes5/x86_64/tomcat5-webapps-5.5.28-0.5.0.5mdvmes5.2.noarch.rpm
d1175cae7e2aec4e9383144d3aa8ea84 mes5/SRPMS/tomcat5-5.5.28-0.5.0.5mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFQ7pc2mqjQ0CJFipgRAi3/AKDm/HK6n5nrIKtfYEFFid4zzd4cVgCgwI6b
ocwOUtXQ9Wi71R4s67X4boM=
=Kmvo
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    15 Files
  • 17
    Jan 17th
    16 Files
  • 18
    Jan 18th
    24 Files
  • 19
    Jan 19th
    7 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close