Advisory Details

October 18th, 2010

IBM Rational Quality Manager and Test Lab Manager Backdoor Account Remote Code Execution Vulnerability

ZDI-10-214
ZDI-CAN-699

CVE ID
CVSS SCORE 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
AFFECTED VENDORS IBM
AFFECTED PRODUCTS Rational Quality Manager
VULNERABILITY DETAILS

This vulnerability allows remote attackers to execute code on vulnerable installations of Rational Quality Manager and Rational Test Lab Manager. Authentication is not required to exploit this vulnerability.

The flaw exists within the installation of the bundled Tomcat server. The default ADMIN account is improperly disabled within 'tomcat-users.xml': an account providing manager-role level access is left enabled with a default password. A remote attacker can use this vulnerability to execute arbitrary code in the context of the Tomcat server.
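The configuration weakness described above can be checked for directly. The following added audit script (not part of the ZDI advisory or any IBM code) parses a tomcat-users.xml file and reports every account that is still live and holds a manager or admin role; the two configuration samples are constructed, the usernames and PLACEHOLDER passwords in them are invented, and the role list is an assumption covering the role named in the advisory plus the split roles later Tomcat versions use.

```python
import xml.etree.ElementTree as ET

# Roles that grant Tomcat Manager / administrative access. "manager" is the
# role named in the advisory; the rest are the split roles of later Tomcat
# releases. Assumed list, adjust to the deployment being audited.
PRIVILEGED_ROLES = {"manager", "admin", "manager-gui", "manager-script",
                    "manager-jmx", "manager-status", "admin-gui", "admin-script"}


def privileged_accounts(xml_text):
    """Return [(username, [roles])] for every live account with a privileged role.

    ElementTree discards XML comments, so an account that was disabled by
    commenting it out is not reported; only live <user> elements count.
    The namespace prefix is stripped so namespaced tomcat-users.xml also works.
    """
    root = ET.fromstring(xml_text)
    findings = []
    for el in root.iter():
        if el.tag.split("}")[-1] != "user":
            continue
        name = el.get("username") or el.get("name")  # Tomcat accepts either attribute
        roles = {r.strip() for r in (el.get("roles") or "").split(",") if r.strip()}
        hits = roles & PRIVILEGED_ROLES
        if hits:
            findings.append((name, sorted(hits)))
    return findings


# Constructed sample of the weak state: the ADMIN account is commented out,
# but a second manager-role account was left live with a default password.
WEAK_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users>
  <role rolename="manager"/>
  <role rolename="admin"/>
  <!-- <user username="ADMIN" password="PLACEHOLDER" roles="admin,manager"/> -->
  <user username="build" password="PLACEHOLDER" roles="manager"/>
  <user username="tester" password="PLACEHOLDER" roles="tester"/>
</tomcat-users>
"""

# Corrected form: no live account carries a privileged role.
FIXED_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users>
  <role rolename="manager"/>
  <role rolename="admin"/>
  <!-- <user username="ADMIN" password="PLACEHOLDER" roles="admin,manager"/> -->
  <!-- <user username="build" password="PLACEHOLDER" roles="manager"/> -->
  <user username="tester" password="PLACEHOLDER" roles="tester"/>
</tomcat-users>
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("fixed", FIXED_CONFIG)):
        print(label, privileged_accounts(cfg))
```

Run it against the real file with `privileged_accounts(open(path).read())`; any result other than an empty list means a Manager-capable account is still enabled and needs removal or a rotated, non-default password.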

VENDOR RESPONSE IBM states:

This issue was fixed in Version 7.9.0.3 build: 1046.

The download for the rules update is called "Apache Tomcat Weak Default Administrative Account Credentials" and is available here:
http://download4.boulder.ibm.com/sar/CMA/RAA/013m6/0/Rules-Update-749.exe

DISCLOSURE TIMELINE
  • 2010-06-30 - Vulnerability reported to vendor
  • 2010-10-18 - Coordinated public release of advisory
CREDIT AbdulAziz Hariri