JBoss Enterprise Application Platform privilege escalation vulnerability CVE-2016-8656 and CVE-2016-8657

Overview

The privilege escalation issue was originally reported against the Tomcat init scripts (CVE-2016-6325 and CVE-2016-1240); as a result of further research it was found that it also applies to Red Hat JBoss Enterprise Application Platform.

CVE-2016-8656 addresses an issue with the jbossas init script, which performs unsafe file handling that could result in local privilege escalation. The log files can be symbolically linked to important system files, allowing a user in the jboss group to escalate privileges. This issue affects Red Hat JBoss Enterprise Application Platform 5, 6 and 7.

CVE-2016-8657 addresses incorrect permissions on the /etc/sysconfig/jbossas configuration files on certain Red Hat Enterprise Linux versions. A user with jboss group membership can access the configuration files and escalate privileges. This issue affects Red Hat JBoss Enterprise Application Platform 5 and 6.
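The following audit helper is an added example, not code from the Red Hat article or from the jbossas init script. It checks an installation for the two conditions described above: symbolic links among the files in the JBoss log directory, and an /etc/sysconfig/jbossas that a non-root user could modify (group/world write bits, or ownership by a service account). It assumes GNU stat; the log directory path is whatever your installation uses.

```shell
#!/bin/sh
# Added audit helper (not part of the Red Hat article or the jbossas init script).
# Paths are arguments so the functions can also run against a test tree.

# audit_log_dir DIR -> prints each symlink found; returns 1 if any, 0 if none.
# An init script that opens or chowns "log files" as root would follow the link.
audit_log_dir() {
    dir=$1
    found=0
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # skip unmatched glob patterns
        if [ -L "$f" ]; then
            printf 'SYMLINK %s -> %s\n' "$f" "$(readlink "$f")"
            found=1
        fi
    done
    return $found
}

# audit_config_file FILE [OWNER] -> returns 1 if FILE is group- or world-writable
# or is not owned by OWNER (default root), 0 if it looks safe, 2 if missing.
# Uses GNU stat (-c), as shipped on Red Hat Enterprise Linux.
audit_config_file() {
    file=$1
    expected=${2:-root}
    [ -e "$file" ] || { printf 'MISSING %s\n' "$file"; return 2; }
    mode=$(stat -c '%a' "$file")
    owner=$(stat -c '%U' "$file")
    if [ "$owner" != "$expected" ]; then
        printf 'OWNER %s (expected %s) %s\n' "$owner" "$expected" "$file"
        return 1
    fi
    # The last two octal digits are the group and other permissions;
    # digits 2, 3, 6 and 7 have the write bit set.
    case $(printf '%s' "$mode" | tail -c 2) in
        *[2367]*) printf 'WRITABLE mode %s %s\n' "$mode" "$file"; return 1 ;;
    esac
    return 0
}

# Example on a live host (run as root; log path is installation-specific):
#   audit_log_dir /path/to/jboss/log
#   audit_config_file /etc/sysconfig/jbossas
```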

Environment

  • Red Hat JBoss Enterprise Application Platform 5.2
  • Red Hat JBoss Enterprise Application Platform 6.4.x
  • Red Hat JBoss Enterprise Application Platform 7.x

Resolution

Red Hat JBoss Enterprise Application Platform 6.4.x

CVE-2016-8656 was fixed in EAP 6.4.13.

  • RHSA-2017-0246 RHEL-5
  • RHSA-2017-0244 RHEL-6
  • RHSA-2017-0245 RHEL-7
  • RHSA-2017-0250 EC2

CVE-2016-8657 was fixed in EAP 6.4.14.

  • RHSA-2017-0826 RHEL-5
  • RHSA-2017-0827 RHEL-6
  • RHSA-2017-0828 RHEL-7
  • RHSA-2017-0829 EC2

Red Hat JBoss Enterprise Application Platform 7

CVE-2016-8656 was fixed in EAP 7.0.5.

  • RHSA-2017-0831 RHEL-6
  • RHSA-2017-0832 RHEL-7
  • RHSA-2017-0834 EC2
