IBM Tivoli Access Manager pkmslogout directory traversal
| tivoli-pkmslogout-directory-traversal (24485) |
Description:
IBM Tivoli Access Manager for e-business could allow a remote attacker to traverse directories on the Web server. An authenticated attacker could send a specially-crafted URL request to the pkmslogout script containing "dot dot" sequences (/../) in the "filename" parameter to traverse directories and view any file outside of the Web root directory that the Web server process is able to read.
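The following is an added example, not IBM's plug-in code, showing the weak and the hardened way of resolving a "filename" parameter against a template directory, and a detector that runs the hardened check over Web server access-log lines to flag pkmslogout requests whose decoded filename escapes that directory. The /pkmslogout request path, the TEMPLATE_DIR location and the log lines are constructed assumptions; the "filename" parameter and the "dot dot" technique are the ones described above.

```python
"""Traversal checks for a pkmslogout-style 'filename' parameter.

Added example, not IBM Tivoli Access Manager code. LOGOUT_PATH, TEMPLATE_DIR
and SAMPLE_LOG are constructed assumptions for illustration.
"""
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: logout page templates live under this directory on the server.
TEMPLATE_DIR = "/var/pdweb/www-default/lib/html/C"
# Assumption: the logout script is served at this path under the Web root.
LOGOUT_PATH = "/pkmslogout"

# Client address and request line of an Apache-style access-log entry.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)


def decode_param(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (defeats %252e%252e double encoding) and
    fold Windows separators so a traversal looks the same on either platform."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def resolve_vulnerable(base_dir: str, filename: str) -> str:
    """The unsafe pattern: trust the parameter and build the path from it.
    '..' segments (and absolute names) walk straight out of base_dir."""
    return posixpath.normpath(posixpath.join(base_dir, filename))


def resolve_safe(base_dir: str, filename: str):
    """Hardened pattern: canonicalize first, then require the result to stay
    inside base_dir. Returns the path, or None when the name escapes."""
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, filename))
    if candidate == base or candidate.startswith(base + "/"):
        return candidate
    return None


def scan_access_log(lines):
    """Flag pkmslogout requests whose decoded filename escapes TEMPLATE_DIR.
    Returns (client_ip, filename_as_logged, path_the_weak_code_would_open)."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path != LOGOUT_PATH:
            continue
        # parse_qs percent-decodes once; decode_param handles deeper encoding.
        for param in parse_qs(url.query, keep_blank_values=True).get("filename", []):
            name = decode_param(param)
            if resolve_safe(TEMPLATE_DIR, name) is None:
                hits.append((m.group("ip"), param, resolve_vulnerable(TEMPLATE_DIR, name)))
    return hits


# Constructed sample log lines; not real Tivoli Access Manager logs.
SAMPLE_LOG = [
    '10.0.0.5 - - [03/Feb/2006:17:39:57 -0600] "GET /pkmslogout?filename=logout.html HTTP/1.1" 200 1532',
    '10.0.0.9 - - [03/Feb/2006:17:40:02 -0600] "GET /pkmslogout?filename=../../../../../../../../etc/passwd HTTP/1.1" 200 2041',
    '10.0.0.9 - - [03/Feb/2006:17:40:10 -0600] "GET /pkmslogout?filename=..%252f..%252f..%252fetc%252fshadow HTTP/1.1" 200 918',
    '10.0.0.9 - - [03/Feb/2006:17:40:20 -0600] "GET /pkmslogout?filename=/etc/passwd HTTP/1.1" 200 2041',
    '10.0.0.7 - - [03/Feb/2006:17:41:00 -0600] "GET /index.html HTTP/1.1" 200 340',
]

if __name__ == "__main__":
    for ip, param, path in scan_access_log(SAMPLE_LOG):
        print(f"{ip} sent filename={param!r} -> weak resolution would open {path}")
```

The detector deliberately applies the same canonicalize-then-containment test that the hardened resolver uses, rather than grepping for the literal string "../": that way single- and double-encoded sequences, backslashes on a Windows host, and absolute names are all caught by one rule, and the third tuple element shows exactly which file the weak code would have served.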
*CVSS:
| Base Score: | 5 |
| Access Vector: | Remote |
| Access Complexity: | Low |
| Authentication: | Not Required |
| Confidentiality Impact: | Complete |
| Integrity Impact: | None |
| Availability Impact: | None |
| Temporal Score: | 4.4 |
| Exploitability: | High |
| Remediation Level: | Official-Fix |
| Report Confidence: | Confirmed |
Consequences:
Obtain Information
Remedy:
For IBM Tivoli Access Manager for e-business 5.1.0:
Apply Tivoli Access Manager Plug-in for Web Servers 5.1 Fix Pack 5.1.0-TIV-WPI-FP0017, available from the IBM Support Web site. See References.
For IBM Tivoli Access Manager for e-business 6.0:
Apply Tivoli Access Manager Plug-in for Web Servers 6.0 Fix Pack 6.0.0-TIV-WPI-FP0001, available from the IBM Support Web site. See References.
References:
- Full-Disclosure Mailing List, Fri Feb 03 2006 - 17:39:57 CST: VSR Advisory: IBM Tivoli Access Manager - Web Server Plug-in File Retrieval Vulnerability.
- IBM Support Web site: Tivoli Access Manager Plug-in for Web Servers 6.0 Fix Pack 6.0.0-TIV-WPI-FP0001.
- IBM Support Web site: Tivoli Access Manager Plug-in for Web Servers 5.1 Fix Pack 5.1.0-TIV-WPI-FP0017.
- Virtual Security Research, LLC. Security Advisory 2006-02-03: Remote Directory Traversal and File Retrieval.
- BID-16494: IBM Tivoli Access Manager Plugin Directory Traversal Vulnerability
- CVE-2006-0513: Directory traversal vulnerability in pkmslogout in Tivoli Web Server Plug-in 5.1.0.10 in Tivoli Access Manager (TAM) 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
- SA18725: IBM Tivoli Access Manager for e-business "pkmslogout" Directory Traversal
- SECTRACK ID: 1015582: IBM Tivoli Access Manager Input Validation Hole in Web Server Plug-in `pkmslogout` Script Lets Remote Authenticated Users Traverse the Directory
- VUPEN/ADV-2006-0442: IBM Tivoli Access Manager pkmslogout Directory Traversal Vulnerability
Platforms Affected:
- IBM Tivoli Access Manager for e-business 5.1
- IBM Tivoli Access Manager for e-business 6.0.0
- Microsoft Windows 2003 Server
Reported:
Feb 03, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
* According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
