===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2012.0118
A number of vulnerabilities have been identified in IBM Rational ClearQuest
                              20 August 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              IBM Rational ClearQuest
Operating System:     AIX
                      HP-UX
                      Linux variants
                      Solaris
                      Windows
Impact/Access:        Increased Privileges     -- Existing Account            
                      Cross-site Scripting     -- Remote with User Interaction
                      Access Confidential Data -- Remote/Unauthenticated      
Resolution:           Patch/Upgrade
CVE Names:            CVE-2012-2205 CVE-2012-2169 CVE-2012-2168
                      CVE-2012-2165 CVE-2012-2164 CVE-2012-0744
Member content until: Wednesday, September 19 2012

OVERVIEW

        A number of vulnerabilities have been identified in IBM Rational
        ClearQuest prior to versions 7.1.2.7 and 8.0.0.3.


IMPACT

        The vendor has provided the following descriptions regarding these
        issues:
        
        CVE-2012-0744: "Rational ClearQuest could allow a remote attacker to 
        obtain sensitive information, caused by improper access controls on 
        certain post-installation sample scripts. By sending a direct request, 
        an attacker could exploit this vulnerability to obtain system paths, 
        product versions, and other sensitive information." [1]
        
        CVE-2012-2164: "The ClearQuest Web client is subject to an elevated 
        privileges attack on the Site Administration menu. This allows the 
        attacker to adjust parameters which can affect the performance of the 
        ClearQuest Web system. This attack requires the attacker to have 
        already logged into ClearQuest web client as a valid user. It is then 
        possible for this user to elevate their privilege and access the Site 
        Administration menu." [2]
        
        CVE-2012-2165: "Rational ClearQuest could allow a remote authenticated 
        attacker to obtain sensitive information, caused by the storage of user
        credentials in an insecure manner when ClearQuest authentication is 
        enabled. An attacker could exploit this vulnerability to query user 
        names and obtain encrypted password hashes." [3]
        
        CVE-2012-2168: "Rational ClearQuest could allow a remote authenticated 
        attacker to obtain sensitive information. By sending a URL request 
        containing an invalid parameter, an attacker could exploit this 
        vulnerability to force an exception and return a stack trace." [4]
        
        CVE-2012-2169: "Rational ClearQuest is vulnerable to cross-site 
        scripting, caused by improper validation of user-supplied input by file 
        upload feature. A remote authenticated attacker could exploit this 
        vulnerability using the File Description field to inject malicious 
        script into a Web page which would be executed in a victim's Web 
        browser within the security context of the hosting Web site, once the 
        page is viewed. An attacker could use this vulnerability to steal the 
        victim's cookie-based authentication credentials." [5]
        
        CVE-2012-2205: "Rational ClearQuest could allow a remote authenticated 
        attacker to obtain sensitive information. By sending a URL request 
        containing an invalid parameter, an attacker could exploit this 
        vulnerability to force an exception and return a stack trace." [6]


MITIGATION

        The vendor recommends upgrading to the latest version of Rational 
        ClearQuest to correct these issues. [1, 2, 3, 4, 5, 6]
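        Since the only fix is an upgrade, the first practical step is to find
        which installs are still below the fixed releases named above. The
        following is an added example, not part of the bulletin or of IBM's
        tooling; it assumes the 7.1.x line is fixed at 7.1.2.7 and the 8.0.x
        line at 8.0.0.3, and conservatively treats any release older than the
        7.1 line as affected (an assumption the bulletin does not state).

```python
"""Triage IBM Rational ClearQuest versions against the fixed releases
named in this bulletin (7.1.2.7 and 8.0.0.3).  Added example, not from the
bulletin; branch handling is an assumption, see the comments below."""
from typing import Dict, List, Tuple

# Fix releases quoted in the bulletin overview.
FIX_71_LINE = (7, 1, 2, 7)
FIX_80_LINE = (8, 0, 0, 3)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '7.1.2.6' into (7, 1, 2, 6); shorter strings are padded with zeros."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def fixed_version_for(version: Tuple[int, ...]) -> Tuple[int, ...]:
    """Pick the fix release for the branch a version belongs to.

    Assumption: 8.0 and later are measured against 8.0.0.3, everything
    older (7.1.x and any earlier line) against 7.1.2.7.
    """
    return FIX_80_LINE if version[:2] >= (8, 0) else FIX_71_LINE


def is_affected(text: str) -> bool:
    """True when the installed version is below its branch's fix release."""
    version = parse_version(text)
    return version < fixed_version_for(version)


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, str]:
    """Map each (host, version) pair to 'affected' or 'fixed'."""
    return {host: ("affected" if is_affected(ver) else "fixed")
            for host, ver in inventory}


# Constructed sample inventory; hostnames are placeholders.
SAMPLE_INVENTORY = [
    ("cq-web-01.example", "7.1.2.6"),
    ("cq-web-02.example", "7.1.2.7"),
    ("cq-web-03.example", "8.0.0.2"),
    ("cq-web-04.example", "8.0.1"),
]

if __name__ == "__main__":
    for host, state in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {state}")
```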


REFERENCES

        [1] Rational ClearQuest installation scripts information disclosure
            http://xforce.iss.net/xforce/xfdb/74671

        [2] Security Bulletin: ClearQuest Web parameter tampering to elevated
            privileges (CVE-2012-2164)
            http://www-01.ibm.com/support/docview.wss?uid=swg21606318

        [3] Rational ClearQuest query information disclosure
            http://xforce.iss.net/xforce/xfdb/75040

        [4] Rational ClearQuest stack trace information disclosure
            http://xforce.iss.net/xforce/xfdb/75048

        [5] Rational ClearQuest File Description cross-site scripting
            http://xforce.iss.net/xforce/xfdb/75049

        [6] Rational ClearQuest Workspace cross-site scripting
            http://xforce.iss.net/xforce/xfdb/77094

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================