EnterpriseDB PostgreSQL Plus Advanced Server DBA Management Server Authentication Bypass

2011-03-21T00:00:00
ID SAINT:175A0708A94006ECB6B67AEB727FACE1
Type saint
Reporter SAINT Corporation
Modified 2011-03-21T00:00:00

Description

Added: 03/21/2011
BID: 46662

Background

Postgres Plus Advanced Server is an enterprise database solution. It includes several productivity tools, such as Migration Studio, Postgres Studio, DBA Management Server, and DBA Monitoring Console.

Problem

An authentication bypass vulnerability exists in the browser-based DBA Management Server tool included with EnterpriseDB Postgres Plus Advanced Server versions 8.x prior to 8.4.7.20. DBA Management Server runs on a JBoss Application Server instance bundled with Postgres Plus Advanced Server, and the shipped JBoss configuration places no access control on the jmx-console and web-console web applications. A remote client can therefore reach these management consoles without any credentials and use their deployment functions to upload and execute malicious files on the server, bypassing DBA Management Server authentication entirely.

Resolution

Update DBA Management Server to Build 39, or remove the jmx-console and web-console applications from the JBoss instance bundled with Postgres Plus Advanced Server. In either case, verify the fix by requesting /jmx-console/ and /web-console/ on the DBA Management Server port without credentials: a patched or stripped installation must not return the console pages to an unauthenticated client.

References

<http://www.zerodayinitiative.com/advisories/ZDI-11-102/>
<http://secunia.com/advisories/43590/>

Limitations

This exploit works against EnterpriseDB Postgres Plus Advanced Server 8.4.5.18 on Windows Server 2003 SP2 English (DEP OptOut) and Windows Server 2008 SP1 English (DEP OptOut).

Platforms

Windows