Dimitris Andreadis commented on JBAS-3861:
------------------------------------------
one-test:
[junit] Running org.jboss.test.console.jbas3861.JBAS3861TestCase
[junit] Tests run: 2, Failures: 0, Errors: 0, Time elapsed: 0.411 sec
DeploymentFileRepository can be used to write/remove arbitrary files in the filesystem
--------------------------------------------------------------------------------------
Key: JBAS-3861
URL: http://jira.jboss.com/jira/browse/JBAS-3861
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Management services
Affects Versions: JBossAS-4.0.5.GA, JBossAS-4.0.4.GA, JBossAS-3.2.8.SP1, JBossAS-3.2.8 Final, JBossAS-4.0.3 Final, JBossAS-4.0.2 Final, JBossAS-4.0.1 SP1, JBossAS-4.0.1 Final, JBossAS-3.2.7 Final, JBossAS-3.2.6 Final, JBossAS-4.0.0 Final, JBossAS-3.2.5 Final
Reporter: Dimitris Andreadis
Assigned To: Dimitris Andreadis
Priority: Critical
Fix For: JBossAS-4.0.5.SP1, JBossAS-5.0.0.Beta1, JBossAS-4.2.0.CR1, JBossAS-3.2.8.SP2
Symantec discovered a flaw in the DeploymentFileRepository
class of the JBoss application server. A remote attacker who
is able to access the console manager could read or write to
files with the permissions of the JBoss user. This could
potentially lead to arbitrary code execution as the JBoss
user. (CVE-2006-5750)
Please note that the JBoss console manager should always be
secured prior to deployment. By default, the JBoss installer
gives users the ability to password protect the console
manager, limiting an attack using this vulnerability to
authorised users. These steps can also be performed manually.
http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss
This vulnerability affects all JBoss releases from v3.2.4 to v4.0.5.
--
This message is automatically generated by JIRA.
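The issue description above states that the repository class could write or remove files anywhere on the filesystem with the permissions of the JBoss user. The Java class below is an added example, not JBoss code and not the actual JBAS-3861 fix; it illustrates the general mitigation for that class of defect: every requested path is resolved against one fixed base directory, and anything that does not stay inside it is refused before the write or delete happens. The class and method names (ConfinedFileRepository, store, remove, resolveInside) are hypothetical, and the temporary directory used in main is constructed for the demonstration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

/**
 * Hypothetical file repository (not JBoss code) that confines all
 * store/remove operations to a single base directory.
 */
public class ConfinedFileRepository {
    private final Path baseDir;

    public ConfinedFileRepository(Path baseDir) throws IOException {
        // Resolve symlinks once so later comparisons use the real location.
        this.baseDir = baseDir.toRealPath();
    }

    /** Builds the target path and returns it only if it stays inside baseDir. */
    Path resolveInside(String folder, String name, String ext) throws IOException {
        // Reject separators and parent references in each component before joining.
        for (String part : new String[] {folder, name, ext}) {
            if (part == null || part.isEmpty() || part.contains("..")
                    || part.contains("/") || part.contains("\\")) {
                throw new IOException("invalid path component: " + part);
            }
        }
        Path target = baseDir.resolve(folder).resolve(name + "." + ext).normalize();
        // Defence in depth: verify the normalized result as well, not just the parts.
        if (!target.startsWith(baseDir)) {
            throw new IOException("path escapes repository: " + target);
        }
        return target;
    }

    /** Writes content to baseDir/folder/name.ext, creating the folder if needed. */
    public void store(String folder, String name, String ext, String content) throws IOException {
        Path target = resolveInside(folder, name, ext);
        Files.createDirectories(target.getParent());
        Files.write(target, content.getBytes(StandardCharsets.UTF_8));
    }

    /** Deletes baseDir/folder/name.ext; returns true if a file was removed. */
    public boolean remove(String folder, String name, String ext) throws IOException {
        Path target = resolveInside(folder, name, ext);
        return Files.deleteIfExists(target);
    }

    public static void main(String[] args) throws IOException {
        // Constructed demo location: a throwaway temp directory acts as the repository root.
        Path root = Files.createTempDirectory("repo-demo");
        ConfinedFileRepository repo = new ConfinedFileRepository(root);

        repo.store("apps", "hello", "txt", "ok");
        System.out.println("stored inside repository: " + repo.resolveInside("apps", "hello", "txt"));

        try {
            // A folder component pointing outside the root is refused before any I/O.
            repo.store("../outside", "x", "txt", "x");
        } catch (IOException e) {
            System.out.println("refused: " + e.getMessage());
        }

        System.out.println("removed: " + repo.remove("apps", "hello", "txt"));
    }
}
```

The component check and the final startsWith check are deliberately redundant: the first gives a clear error for malformed input, the second guarantees the invariant even if the input rules are later relaxed (for example to allow nested folders).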