ID

VAR-201106-0115


CVE

CVE-2011-2092


TITLE

Unspecified vulnerabilities in multiple Adobe products

Trust: 0.8

sources: JVNDB: JVNDB-2011-001777

DESCRIPTION

Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability." BlazeDS and GraniteDS are prone to a remote code-execution vulnerability. Successful exploits will allow attackers to execute arbitrary code within the context of the affected application. Remote attackers can exploit this issue to bypass certain security restrictions. NOTE: This issue was previously discussed in BID 48267 (Adobe LiveCycle Data Services and BlazeDS APSB11-15 Multiple Remote Vulnerabilities) but has been given its own record to better document it.

TITLE: Adobe LiveCycle / BlazeDS Two Vulnerabilities

SECUNIA ADVISORY ID: SA44922

VERIFY ADVISORY: http://secunia.com/advisories/44922/

RELEASE DATE: 2011-06-15

DESCRIPTION: Two vulnerabilities have been reported in Adobe LiveCycle and BlazeDS, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

1) An error when handling AMF/AMFX data during object deserialization can be exploited to execute certain class methods.

2) An error when processing certain graph objects (e.g. JFrame class) can be exploited to cause a DoS.

The vulnerabilities are reported in the following products:

* LiveCycle Data Services 3.1, 2.6.1, 2.5.1, and earlier for Windows, Macintosh, and UNIX.
* LiveCycle 9.0.0.2, 8.2.1.3, 8.0.1.3, and earlier for Windows, Linux, and UNIX.
* BlazeDS 4.0.1 and earlier.

SOLUTION: Apply updates (please see the vendor's advisory for details).

PROVIDED AND/OR DISCOVERED BY: Wouter Coekaerts

ORIGINAL ADVISORY:
Adobe (APSB11-15): http://www.adobe.com/support/security/bulletins/apsb11-15.html
Wouter Coekaerts: http://wouter.coekaerts.be/2011/amf-arbitrary-code-execution

1) The administrative interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. add a user with administrative privileges by tricking the logged in administrator into visiting a malicious web site.

No further information is currently available.

3) Some vulnerabilities are caused due to vulnerabilities in the bundled version of Adobe BlazeDS

Trust: 2.07

sources: NVD: CVE-2011-2092 // JVNDB: JVNDB-2011-001777 // BID: 48279 // PACKETSTORM: 102306 // PACKETSTORM: 102313

AFFECTED PRODUCTS

vendor: adobe, model: livecycle, scope: eq, version: 8.0.1.2

Trust: 1.6

vendor: adobe, model: livecycle, scope: eq, version: 7.0

Trust: 1.6

vendor: adobe, model: livecycle, scope: eq, version: 8.0.1.1

Trust: 1.6

vendor: adobe, model: livecycle, scope: eq, version: 8.0.1

Trust: 1.6

vendor: adobe, model: livecycle, scope: eq, version: 6.0

Trust: 1.6

vendor: adobe, model: livecycle data services, scope: eq, version: 2.6

Trust: 1.6

vendor: adobe, model: livecycle, scope: eq, version: 8.2.1.3

Trust: 1.6

vendor: adobe, model: livecycle data services, scope: eq, version: 2.5

Trust: 1.6

vendor: adobe, model: livecycle data services, scope: eq, version: 2.6.1

Trust: 1.6

vendor: adobe, model: blazeds, scope: lte, version: 4.0.1

Trust: 1.0

vendor: adobe, model: livecycle data services, scope: eq, version: 3

Trust: 1.0

vendor: adobe, model: livecycle data services, scope: eq, version: 2.5.1

Trust: 1.0

vendor: adobe, model: livecycle data services, scope: lte, version: 3.1

Trust: 1.0

vendor: adobe, model: livecycle, scope: lte, version: 9.0.0.2

Trust: 1.0

vendor: adobe, model: livecycle data services, scope: lte, version: 3.1 and earlier for windows

Trust: 0.8

vendor: adobe, model: livecycle, scope: lte, version: 9.0.0.2 and earlier for windows

Trust: 0.8

vendor: adobe, model: livecycle data services, scope: lte, version: 2.6.1 and earlier for windows

Trust: 0.8

vendor: hitachi, model: jp1/it desktop management, scope: eq, version: - manager

Trust: 0.8

vendor: adobe, model: blazeds, scope: lte, version: 4.0.1 and earlier

Trust: 0.8

vendor: adobe, model: livecycle, scope: eq, version: linux unix

Trust: 0.8

vendor: hitachi, model: it operations director, scope: -, version: -

Trust: 0.8

vendor: adobe, model: livecycle data services, scope: eq, version: macintosh unix

Trust: 0.8

vendor: hitachi, model: device manager, scope: eq, version: software

Trust: 0.8

vendor: adobe, model: livecycle data services, scope: lte, version: 2.5.1 and earlier for windows

Trust: 0.8

vendor: adobe, model: livecycle, scope: lte, version: 8.2.1.3 and earlier for windows

Trust: 0.8

vendor: adobe, model: livecycle, scope: lte, version: 8.0.1.3 and earlier for windows

Trust: 0.8

vendor: hitachi, model: tiered storage manager, scope: eq, version: software

Trust: 0.8

vendor: adobe, model: livecycle, scope: eq, version: 9.0.0.2

Trust: 0.6

vendor: hp, model: systems insight manager, scope: eq, version: 6.3

Trust: 0.3

vendor: hp, model: systems insight manager, scope: eq, version: 6.2

Trust: 0.3

vendor: hp, model: systems insight manager, scope: eq, version: 6.1

Trust: 0.3

vendor: hp, model: systems insight manager, scope: eq, version: 6.0.0.96

Trust: 0.3

vendor: hp, model: systems insight manager, scope: eq, version: 6.0

Trust: 0.3

vendor: hp, model: systems insight manager update, scope: eq, version: 5.31

Trust: 0.3

vendor: hp, model: systems insight manager, scope: eq, version: 5.3

Trust: 0.3

vendor: hp, model: systems insight manager sp2, scope: eq, version: 5.2

Trust: 0.3

vendor: hp, model: systems insight manager sp1, scope: eq, version: 5.1

Trust: 0.3

vendor: hp, model: systems insight manager sp6, scope: eq, version: 5.0

Trust: 0.3

vendor: hp, model: systems insight manager sp5, scope: eq, version: 5.0

Trust: 0.3

vendor: hp, model: systems insight manager sp3, scope: eq, version: 5.0

Trust: 0.3

vendor: hp, model: systems insight manager sp2, scope: eq, version: 5.0

Trust: 0.3

vendor: hp, model: systems insight manager sp1, scope: eq, version: 5.0

Trust: 0.3

vendor: hp, model: systems insight manager, scope: eq, version: 5.0

Trust: 0.3

vendor: hp, model: systems insight manager sp2, scope: eq, version: 4.2

Trust: 0.3

vendor: hp, model: systems insight manager sp1, scope: eq, version: 4.2

Trust: 0.3

vendor: hp, model: systems insight manager, scope: eq, version: 4.2

Trust: 0.3

vendor: granite, model: software graniteds, scope: eq, version: 2.2

Trust: 0.3

vendor: adobe, model: lifecycle data services, scope: eq, version: 2.6.1

Trust: 0.3

vendor: adobe, model: lifecycle data services, scope: eq, version: 3.1

Trust: 0.3

vendor: adobe, model: lifecycle data services, scope: eq, version: 2.5.1

Trust: 0.3

vendor: adobe, model: lifecycle, scope: eq, version: 9.0.0.2

Trust: 0.3

vendor: adobe, model: lifecycle, scope: eq, version: 8.2.1.3

Trust: 0.3

vendor: adobe, model: lifecycle, scope: eq, version: 8.0.1.3

Trust: 0.3

vendor: adobe, model: blazeds, scope: eq, version: 4.0.1

Trust: 0.3

vendor: hp, model: systems insight manager, scope: ne, version: 7.0

Trust: 0.3

vendor: granite, model: software graniteds, scope: ne, version: 2.2.1

Trust: 0.3

sources: BID: 48279 // JVNDB: JVNDB-2011-001777 // CNNVD: CNNVD-201106-172 // NVD: CVE-2011-2092

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-2092
value: HIGH

Trust: 1.0

NVD: CVE-2011-2092
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201106-172
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2011-2092
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2011-001777 // CNNVD: CNNVD-201106-172 // NVD: CVE-2011-2092

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2011-001777 // NVD: CVE-2011-2092

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201106-172

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201106-172

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-001777

PATCH

title: APSB11-15, url: http://www.adobe.com/support/security/bulletins/apsb11-15.html

Trust: 0.8

title: APSB11-15, url: http://www.adobe.com/jp/support/security/bulletins/apsb11-15.html

Trust: 0.8

title: HS12-018, url: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-018/index.html

Trust: 0.8

title: HS12-011, url: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-011/index.html

Trust: 0.8

title: HS12-014, url: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-014/index.html

Trust: 0.8

title: HPSBMU02769 SSRT100846, url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151

Trust: 0.8

title: HS12-018, url: http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-018/index.html

Trust: 0.8

title: HS12-011, url: http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-011/index.html

Trust: 0.8

title: HS12-014, url: http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-014/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2011-001777

EXTERNAL IDS

db: NVD, id: CVE-2011-2092

Trust: 2.7

db: SECTRACK, id: 1025657

Trust: 1.0

db: SECTRACK, id: 1025656

Trust: 1.0

db: JVNDB, id: JVNDB-2011-001777

Trust: 0.8

db: SECUNIA, id: 44922

Trust: 0.7

db: SECUNIA, id: 43013

Trust: 0.7

db: NSFOCUS, id: 17048

Trust: 0.6

db: NSFOCUS, id: 19537

Trust: 0.6

db: CNNVD, id: CNNVD-201106-172

Trust: 0.6

db: BID, id: 48279

Trust: 0.3

db: PACKETSTORM, id: 102306

Trust: 0.1

db: PACKETSTORM, id: 102313

Trust: 0.1

sources: BID: 48279 // JVNDB: JVNDB-2011-001777 // PACKETSTORM: 102306 // PACKETSTORM: 102313 // CNNVD: CNNVD-201106-172 // NVD: CVE-2011-2092

REFERENCES

url:http://www.adobe.com/support/security/bulletins/apsb11-15.html

Trust: 2.0

url:http://www.securitytracker.com/id?1025656

Trust: 1.0

url:http://www.securitytracker.com/id?1025657

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2092

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2092

Trust: 0.8

url:http://secunia.com/advisories/43013

Trust: 0.6

url:http://secunia.com/advisories/44922

Trust: 0.6

url:http://www.nsfocus.net/vulndb/17048

Trust: 0.6

url:http://www.nsfocus.net/vulndb/19537

Trust: 0.6

url:http://www.adobe.com

Trust: 0.3

url:http://www.granitedataservices.com/granite-data-services-2-2-1-ga-released/

Trust: 0.3

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.2

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.2

url:http://conference.first.org/

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.2

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.2

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.2

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=44922

Trust: 0.1

url:http://wouter.coekaerts.be/2011/amf-arbitrary-code-execution

Trust: 0.1

url:http://secunia.com/advisories/44922/

Trust: 0.1

url:http://secunia.com/advisories/44922/#comments

Trust: 0.1

url:http://www.adobe.com/support/security/bulletins/apsb11-14.html

Trust: 0.1

url:http://secunia.com/advisories/43013/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=43013

Trust: 0.1

url:http://secunia.com/advisories/43013/#comments

Trust: 0.1

sources: BID: 48279 // JVNDB: JVNDB-2011-001777 // PACKETSTORM: 102306 // PACKETSTORM: 102313 // CNNVD: CNNVD-201106-172 // NVD: CVE-2011-2092

CREDITS

Wouter Coekaerts

Trust: 0.3

sources: BID: 48279

SOURCES

db: BID, id: 48279
db: JVNDB, id: JVNDB-2011-001777
db: PACKETSTORM, id: 102306
db: PACKETSTORM, id: 102313
db: CNNVD, id: CNNVD-201106-172
db: NVD, id: CVE-2011-2092

LAST UPDATE DATE

2024-11-23T22:23:27.558000+00:00


SOURCES UPDATE DATE

db: BID, id: 48279, date: 2012-05-01T17:21:00
db: JVNDB, id: JVNDB-2011-001777, date: 2013-03-26T00:00:00
db: CNNVD, id: CNNVD-201106-172, date: 2011-06-17T00:00:00
db: NVD, id: CVE-2011-2092, date: 2024-11-21T01:27:34.310

SOURCES RELEASE DATE

db: BID, id: 48279, date: 2011-06-14T00:00:00
db: JVNDB, id: JVNDB-2011-001777, date: 2011-06-28T00:00:00
db: PACKETSTORM, id: 102306, date: 2011-06-16T02:14:36
db: PACKETSTORM, id: 102313, date: 2011-06-16T02:14:54
db: CNNVD, id: CNNVD-201106-172, date: 2011-06-17T00:00:00
db: NVD, id: CVE-2011-2092, date: 2011-06-16T23:55:01.527