jboss-ec2-eap provides JBoss Operations Network (JBoss ON) scripts for
JBoss Enterprise Application Platform running on the Amazon Web
Services (AWS) Elastic Compute Cloud (EC2).

It was found that the “/var/cache/jboss-ec2-eap/” directory had
world-readable permissions when using the EC2 AMI (Amazon Machine Image) for
JBoss Enterprise Application Platform 5.1.2 on Red Hat Enterprise Linux
6. A local attacker could use this flaw to read potentially sensitive
information from this directory, such as Amazon Web Services (AWS)
credentials. (CVE-2012-3427)

Note: This flaw only affected the EC2 AMI for JBoss Enterprise Application
Platform 5.1.2.

This issue was discovered by Aleksandar Kostadinov of the Red Hat QE Team.

Warning: Before applying this update, back up your JBoss Enterprise
Application Platform’s “server/[PROFILE]/deploy/” directory, along with all
other customized configuration files.

Users of JBoss Enterprise Application Platform 5.1.2 on Red Hat Enterprise
Linux 6 running on EC2 should upgrade to this updated package, which
corrects this issue. The JBoss server process must be restarted for this
update to take effect.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | noarch | jboss-ec2-eap | < 5.1.2-8.11.ep5.el6 | jboss-ec2-eap-5.1.2-8.11.ep5.el6.noarch.rpm |
RedHat | 6 | src | jboss-ec2-eap | < 5.1.2-8.11.ep5.el6 | jboss-ec2-eap-5.1.2-8.11.ep5.el6.src.rpm |
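
A check for the condition this advisory describes, added here as an example and not part of the Red Hat advisory or the jboss-ec2-eap package: it reports whether the directory grants any access to other users and which files beneath it they could read. The function names are hypothetical, and it assumes GNU stat and find, as shipped with Red Hat Enterprise Linux 6.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a directory for access by
# "other" users. Run as root so find can descend into restricted directories.

# other_bits PATH: print the "other" permission digit (0-7) of PATH.
other_bits() {
    mode=$(stat -c '%a' "$1") || return 2   # GNU stat, e.g. "755"
    last=${mode#"${mode%?}"}                # keep only the last digit
    printf '%s\n' "$last"
}

# exposed_files DIR: print regular files under DIR that other users can read.
# A directory without the o+x bit is pruned, since nothing beneath it can be
# reached by other users regardless of the file modes inside.
exposed_files() {
    find "$1" -type d ! -perm -0001 -prune -o -type f -perm -0004 -print
}

# audit_cache_dir DIR: return 1 if DIR grants any access to other users.
audit_cache_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "SKIP: $dir does not exist on this host"
        return 0
    fi
    bits=$(other_bits "$dir") || return 2
    if [ "$bits" -eq 0 ]; then
        echo "OK: $dir grants no access to other users"
        return 0
    fi
    echo "FINDING: $dir has other-permission bits $bits"
    exposed_files "$dir" | sed 's/^/  readable by others: /'
    return 1
}

# Default path is the directory named in the advisory.
audit_cache_dir "${1:-/var/cache/jboss-ec2-eap}"
```

Pass a different directory as the first argument to audit another path; the exit status is 1 when a finding is reported.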