===========================================================================
                         AUSCERT Security Bulletin

                              ASB-2012.0118
  A number of vulnerabilities have been identified in IBM Rational ClearQuest
                              20 August 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              IBM Rational ClearQuest
Operating System:     AIX
                      HP-UX
                      Linux variants
                      Solaris
                      Windows
Impact/Access:        Increased Privileges     -- Existing Account
                      Cross-site Scripting     -- Remote with User Interaction
                      Access Confidential Data -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2012-2205 CVE-2012-2169 CVE-2012-2168
                      CVE-2012-2165 CVE-2012-2164 CVE-2012-0744
Member content until: Wednesday, September 19 2012

OVERVIEW

        A number of vulnerabilities have been identified in IBM Rational
        ClearQuest prior to versions 7.1.2.7 and 8.0.0.3.

IMPACT

        The vendor has provided the following descriptions regarding these
        issues:

        CVE-2012-0744:

        "Rational ClearQuest could allow a remote attacker to obtain sensitive
        information, caused by improper access controls on certain
        post-installation sample scripts. By sending a direct request, an
        attacker could exploit this vulnerability to obtain system paths,
        product versions, and other sensitive information." [1]

        CVE-2012-2164:

        "The ClearQuest Web client is subject to an elevated privileges attack
        on the Site Administration menu. This allows the attacker to adjust
        parameters which can affect the performance of the ClearQuest Web
        system. This attack requires the attacker to have already logged into
        ClearQuest web client as a valid user. It is then possible for this
        user to elevate their privilege and access the Site Administration
        menu." [2]

        CVE-2012-2165:

        "Rational ClearQuest could allow a remote authenticated attacker to
        obtain sensitive information, caused by the storage of user
        credentials in an insecure manner when ClearQuest authentication is
        enabled. An attacker could exploit this vulnerability to query user
        names and obtain encrypted password hashes." [3]

        CVE-2012-2168:

        "Rational ClearQuest could allow a remote authenticated attacker to
        obtain sensitive information. By sending a URL request containing an
        invalid parameter, an attacker could exploit this vulnerability to
        force an exception and return a stack trace." [4]

        CVE-2012-2169:

        "Rational ClearQuest is vulnerable to cross-site scripting, caused by
        improper validation of user-supplied input by file upload feature. A
        remote authenticated attacker could exploit this vulnerability using
        the File Description field to inject malicious script into a Web page
        which would be executed in a victim's Web browser within the security
        context of the hosting Web site, once the page is viewed. An attacker
        could use this vulnerability to steal the victim's cookie-based
        authentication credentials." [5]

        CVE-2012-2205:

        "Rational ClearQuest could allow a remote authenticated attacker to
        obtain sensitive information. By sending a URL request containing an
        invalid parameter, an attacker could exploit this vulnerability to
        force an exception and return a stack trace." [6]

MITIGATION

        The vendor recommends upgrading to the latest version of Rational
        ClearQuest to correct these issues. [1, 2, 3, 4, 5, 6]

REFERENCES

        [1] Rational ClearQuest installation scripts information disclosure
            http://xforce.iss.net/xforce/xfdb/74671

        [2] Security Bulletin: ClearQuest Web parameter tampering to elevated
            privileges (CVE-2012-2164)
            http://www-01.ibm.com/support/docview.wss?uid=swg21606318

        [3] Rational ClearQuest query information disclosure
            http://xforce.iss.net/xforce/xfdb/75040

        [4] Rational ClearQuest stack trace information disclosure
            http://xforce.iss.net/xforce/xfdb/75048

        [5] Rational ClearQuest File Description cross-site scripting
            http://xforce.iss.net/xforce/xfdb/75049

        [6] Rational ClearQuest Workspace cross-site scripting
            http://xforce.iss.net/xforce/xfdb/77094

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security bulletin
is the responsibility of each user or organisation, and should be considered
in accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
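As an added illustration of the patch check implied by the OVERVIEW and MITIGATION sections (this is not part of the AusCERT bulletin), the script below triages a constructed ClearQuest inventory against the fixed releases the bulletin names. It assumes that 7.1.2.7 and 8.0.0.3 are the fixes for the 7.1 and 8.0 release lines respectively, so a 7.1.2.x build is compared only against 7.1.2.7; versions on any other line are flagged for manual review rather than guessed at.

```python
# Added example, not AusCERT's or IBM's code: version triage for ASB-2012.0118.
# Assumption: the bulletin's "prior to versions 7.1.2.7 and 8.0.0.3" means one
# fixed build per release line (7.1 and 8.0); other lines are not covered here.
from typing import Dict, Optional, Tuple

# Fixed versions quoted in the bulletin, keyed by release line (major, minor).
FIXED_VERSIONS: Dict[Tuple[int, int], Tuple[int, ...]] = {
    (7, 1): (7, 1, 2, 7),
    (8, 0): (8, 0, 0, 3),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '7.1.2.6' into (7, 1, 2, 6); shorter strings are padded with 0."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (4 - len(parts))


def affected_by_asb_2012_0118(version: str) -> Optional[bool]:
    """True if below the fix for its release line, False if at or above it,
    None if the release line is not one the bulletin names (needs review)."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[:2])  # look up by (major, minor) line
    if fixed is None:
        return None
    # Tuple comparison is component-wise, so 7.1.2.7 is never compared to 8.0.0.3.
    return v < fixed


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host to 'patch', 'ok' or 'review' based on its version string."""
    labels = {True: "patch", False: "ok", None: "review"}
    return {host: labels[affected_by_asb_2012_0118(ver)]
            for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {
        "cq-web-01": "7.1.2.6",   # below 7.1.2.7 -> patch
        "cq-web-02": "7.1.2.7",   # fixed build on the 7.1 line -> ok
        "cq-web-03": "8.0.0.2",   # below 8.0.0.3 -> patch
        "cq-web-04": "8.0.0.3",   # fixed build on the 8.0 line -> ok
        "cq-legacy": "7.0.1.0",   # line not named in the bulletin -> review
    }
    for host, verdict in triage(sample).items():
        print(f"{host:10s} {sample[host]:8s} {verdict}")
```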