what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

ProCheckUp Security Advisory 2007.60708091012

ProCheckUp Security Advisory 2007.60708091012
Posted Jan 10, 2008
Authored by Adrian Pastor, ProCheckUp, Jan Fry | Site procheckup.com

Sun Java System Identity Manager version 6.0, Sun Java System Identity Manager version 7.0, and Sun Java System Identity Manager version 7.1 are susceptible to cross domain redirection, cross site scripting, and frame injection vulnerabilities.

tags | advisory, java, vulnerability, xss
SHA-256 | d6006a16a69c00bd066f6cb36ecb14b95ece02d9fc7932ef0a831f29ef9988fd

ProCheckUp Security Advisory 2007.60708091012

Change Mirror Download
PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, 
Cross-domain Redirection and Frame Injection on Sun Java System Identity
Manager

Vulnerability found: 11th June 2007

Vendor informed: 18th June 2007

Severity: Medium

Product description:

"Identity Manager allows customers to automate the process of creating,
updating, and deleting user accounts across multiple IT systems.
Collectively, this process is known as provisioning (e.g., creating,
updating) and deprovisioning (e.g., deleting). For example, when a new
employee joins a company, Identity Manager will automatically run a
workflow retrieving the necessary approvals to grant the new employee
access. Once these approvals are obtained, Identity Manager will
automatically create user accounts allowing the new employee to do his
or her job. This may include creating the user account for the new
employee in the company's HR systems (PeopleSoft), giving him or her
access to ERP applications (SAP) and/or creating an email account
(Microsoft Exchange). If the employee changes roles in the company,
Identity Manager will update the user account and provide access to the
necessary resources required in that new role. When an employee leaves
the company, Identity Manager automatically removes his or her user
accounts to prevent access. By using Identity Manager, the entire
provisioning and deprovisioning process can be automated--saving the
customer both time and money." [1]


Problem summary:

The following issues have been found:

- HTML injection via the "cntry" parameter
- XSS via the "lang" parameter
- XSS via the "resultsForm" parameter
- XSS via the "activeControl" parameter
- frame injection via the "helpUrl"
- cross-domain redirects within the "nextPage" parameter

Sun has confirmed the following products to be affected by these issues:
Sun Java System Identity Manager 6.0, Sun Java System Identity Manager
7.0, Sun Java System Identity Manager 7.1


More information including proof of concepts can be found on:

http://www.procheckup.com/Vulnerability_PR07-06.php
http://www.procheckup.com/Vulnerability_PR07-07.php
http://www.procheckup.com/Vulnerability_PR07-08.php
http://www.procheckup.com/Vulnerability_PR07-09.php
http://www.procheckup.com/Vulnerability_PR07-10.php
http://www.procheckup.com/Vulnerability_PR07-12.php


Consequences:

- An attacker may be able to inject malicious HTML or scripting code in
the browser of a user who clicks on a link to Sun Java System Identity
Manager. This type of attack can result in non-persistent defacement of
the target site, or the redirection of confidential information to
unauthorised third parties.

- An attacker may inject frames that embed third-party sites, which can
help launching phishing attacks by injecting a frame that points to a
"spoof" login page. Non-persistent defacement of the target site is also
possible.

- An attacker can redirect victim users to third-party sites after a
successful logon. Such behaviour can help attackers perform phishing
attacks.


Fix:

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103180-1


References:

[1] http://www.sun.com/software/products/identity_mgr/general_faq.jsp#q_1

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=271729
http://www.procheckup.com/Vulnerabilities.php


Credits: Jan Fry and Adrian Pastor of ProCheckUp Ltd (www.procheckup.com)
Login or Register to add favorites

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close