===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2012.0614
                  Security Flash for the RDS Help system
                               25 June 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Rational Directory Server
Publisher:         IBM
Operating System:  AIX
                   Linux variants
                   Solaris
                   Windows
Impact/Access:     Cross-site Scripting           -- Remote with User Interaction
                   Provide Misleading Information -- Remote with User Interaction
Resolution:        Patch/Upgrade

Original Bulletin: 
   http://www-01.ibm.com/support/docview.wss?uid=swg21597191

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Flash for the RDS Help system
Flash (Alert)

Abstract
Security vulnerabilities have been discovered in the IBM Rational Directory
Server (RDS) Help system shipped with the RDS product. When the Help file is
opened in Rational Directory Administrator, the 'href' parameter in
advanced/deferredView.jsp causes the following security vulnerabilities: Open
Redirect and Cross Site Scripting.

Content

Below are the security vulnerabilities found in the RDS help (menu 'Help' ->
'Help' item in the RDA window):

Open Redirect:
http://localhost:8080/rds-help/advanced/deferredView.jsp?href=http://www.google.com?view=toc

If the product has the security vulnerability, the browser is redirected to the
Google home page.

Cross Site Scripting:
http://localhost:8080/rds-help/advanced/deferredView.jsp?href=javascript:alert%28document.cookie%29

If the product has the security vulnerability, an alert/dialog box pops up
containing some garbage text.
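The check a hardened deferredView.jsp needs to apply to its 'href' parameter, plus a scan of Tomcat access-log lines that flags past requests the unpatched help would have accepted, as an added Python example (not IBM's code and not part of the bulletin). The /rds-help context path, the deferredView.jsp name and the two test URLs come from the bulletin; the log lines are constructed, and the rejection categories are the example's own.

```python
import posixpath
import re
from urllib.parse import parse_qs, urlsplit

HELP_ROOT = "/rds-help"          # context path of the RDS help web app (from the bulletin)
SCRIPT_SCHEMES = {"javascript", "data", "vbscript"}
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

def classify_href(href):
    """Classify a URL-decoded href (what getParameter() returns): 'ok' only for a
    path inside /rds-help/, else 'script-url', 'open-redirect', 'outside-help-root'."""
    # Browsers skip control chars and whitespace inside a scheme; drop them first.
    value = re.sub(r"[\x00-\x20]", "", href)
    if "\\" in value:                      # browsers treat '\' as '/'
        return "open-redirect"
    parts = urlsplit(value)
    if parts.scheme:
        if parts.scheme.lower() in SCRIPT_SCHEMES:
            return "script-url"
        return "open-redirect"             # absolute URL to an arbitrary host
    if parts.netloc or value.startswith("//"):
        return "open-redirect"             # protocol-relative URL
    target = posixpath.normpath(posixpath.join(HELP_ROOT, parts.path))
    if target != HELP_ROOT and not target.startswith(HELP_ROOT + "/"):
        return "outside-help-root"         # e.g. ../../manager/html
    return "ok"

def scan_access_log(lines):
    """Return (client, verdict, href) for deferredView.jsp requests whose href is rejected."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        req = urlsplit(m.group(1))
        if not req.path.endswith("/deferredView.jsp"):
            continue
        for href in parse_qs(req.query, keep_blank_values=True).get("href", []):
            verdict = classify_href(href)
            if verdict != "ok":
                hits.append((line.split(" ", 1)[0], verdict, href))
    return hits

# Constructed sample log lines; the two rejected hrefs are the bulletin's test URLs.
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Jun/2012:09:14:02 +1000] "GET /rds-help/advanced/deferredView.jsp?href=pages/intro.html HTTP/1.1" 200 4122',
    '10.0.0.9 - - [25/Jun/2012:09:15:47 +1000] "GET /rds-help/advanced/deferredView.jsp?href=http://www.google.com?view=toc HTTP/1.1" 200 391',
    '10.0.0.9 - - [25/Jun/2012:09:16:03 +1000] "GET /rds-help/advanced/deferredView.jsp?href=javascript:alert%28document.cookie%29 HTTP/1.1" 200 391',
]
```

Running scan_access_log(SAMPLE_LOG) returns the two 10.0.0.9 requests with verdicts 'open-redirect' and 'script-url'; the same classify_href logic is what the replacement war has to enforce server-side, since the browser never sees a difference between a help page and a redirect until it is too late.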

Resolution:
This vulnerability affects all versions of RDA (Tivoli) and RDA (Apache). The
complete fix for this issue will be delivered through different release cycles:
RDA Tivoli: RDS 5.2.0.2 iFix02 is scheduled to be released on 21st June 2012
RDA Apache: A fix pack release, RDS 5.1.1.2, is planned for the end of August 2012


WORKAROUND:
In the meantime, the risk can be mitigated by following the steps below.
1. Download the rds-help.zip file and extract the rds-help.war
FTP: ftp://public.dhe.ibm.com/software/rational/Directory_server/rds-help.zip
HTTP: http://public.dhe.ibm.com/software/rational/Directory_server/rds-help.zip

2. Stop the WebAccessServer (apache tomcat server)
Windows: 
<RDS\RDA install location>\WebAccessServer\apache-tomcat-x.0.xx\bin\catalina.bat stop
Unix:
<RDS/RDA install location>/WebAccessServer/apache-tomcat-x.0.xx/bin/catalina.sh stop

3. Go to the location where the war file is located in the RDS/RDA install
location.
Windows: 
<RDS\RDA install location>\WebAccessServer\apache-tomcat-x.0.xx\webapps\
Unix:
<RDS/RDA install location>/WebAccessServer/apache-tomcat-x.0.xx/webapps/

4. Delete/backup the following:
file: rds-help.war
Directory: rds-help

5. Replace them with the rds-help.war downloaded in step 1.

6. Start the WebAccessServer
Windows: 
<RDS\RDA install location>\WebAccessServer\Start_RDAWebServer.bat
Unix:
<RDS/RDA install location>/WebAccessServer/Start_RDAWebServer.sh

The latest rds-help.war file, which does not have the security vulnerabilities,
is now installed.

Note: This help file has content for RDS versions 5.2 (Tivoli) and later, and
RDS 5.1.1 (Apache) and later.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================