Vigil@nce: WebSphere AS, file access via iscdeploy
February 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When WebSphere Application Server is installed on IBM i, the iscdeploy script sets incorrect permissions on some files, allowing a local attacker to read or write their content.
Severity: 2/4
Creation date: 16/01/2012
IMPACTED PRODUCTS
IBM WebSphere Application Server
DESCRIPTION OF THE VULNERABILITY
The iscdeploy script is used for deployment on IBM WebSphere Application Server.
However, on IBM i, this script sets open permissions on files located in the following directories:
$WAS_HOME/systemapps/isclite.ear
$WAS_HOME/bin/client_ffdc
As a result, when WebSphere Application Server is installed on IBM i, the iscdeploy script sets incorrect permissions on some files, allowing a local attacker to read or write their content.
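An audit of the two directories named above, as an added example that is not part of the Vigil@nce bulletin or of IBM's tooling. It assumes the open permissions are visible as POSIX "other" read/write mode bits to find in a POSIX shell on the system; the function name list_open_files and the WRITE/READ labels are hypothetical.

```shell
#!/bin/sh
# Added example, not from the bulletin: report files under the two
# directories it names that "other" users can read or write.

# Directories listed in the bulletin, relative to $WAS_HOME.
AUDIT_DIRS="systemapps/isclite.ear bin/client_ffdc"

# list_open_files WAS_HOME   (hypothetical helper name)
# Prints one line per finding:
#   WRITE <path>  file or directory writable by any local user
#   READ  <path>  file readable (but not writable) by any local user
# Returns 0 if nothing is open, 1 if findings were printed, 2 on bad input.
list_open_files() {
    was_home=$1
    if [ ! -d "$was_home" ]; then
        echo "not a directory: $was_home" >&2
        return 2
    fi
    hits=$(
        for rel in $AUDIT_DIRS; do
            dir="$was_home/$rel"
            [ -d "$dir" ] || continue   # not present on this install
            # World-writable entries: content can be replaced or added to.
            find "$dir" \( -type f -o -type d \) -perm -0002 -print |
                sed 's/^/WRITE /'
            # World-readable files that are not already reported above.
            find "$dir" -type f -perm -0004 ! -perm -0002 -print |
                sed 's/^/READ  /'
        done
    )
    [ -n "$hits" ] || return 0
    printf '%s\n' "$hits"
    return 1
}

# Run the audit when WAS_HOME is set in the environment.
if [ -n "${WAS_HOME:-}" ]; then
    list_open_files "$WAS_HOME" || true
fi
```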