
JAVA JMX interface vulnerability

Updated March 14, 2017

Overview

This article describes how to mitigate the Java JMX interface vulnerability reported against the VMAN appliance.

CVE-2015-2342

Environment

VMAN 6.x.x

Cause 

Details from the vulnerability report:

The Java Management extensions (JMX) service on this host does not require any authentication. The JMX/RMI service is used to monitor the Java Virtual Machine (JVM), but can also be used to register a new managed bean (MBean) from a remote URL using the "javax.management.loading.MLet" function. Using this function, a remote, unauthenticated attacker can upload and run a JAR file containing arbitrary Java code of the attacker's choosing.

Impact:
An attacker can execute arbitrary Java code running with the same privileges as the JMX/RMI process.

Resolution

Note: This resolution blocks the JMX ports in the appliance's own firewall so that only connections from the appliance itself (loopback) are accepted. Another option is to block these ports elsewhere on the network, depending on the customer's environment.

Log in to the VMAN appliance using SSH and execute the following commands. Each pair first accepts loopback-only traffic to a JMX port and then drops everything else destined for that port:
# TCP 1099 (the RMI registry): allow loopback only, drop all other sources
sudo iptables -A INPUT -p tcp --dport 1099 -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 1099 -j DROP

# TCP 9004 (the appliance's JMX port): allow loopback only, drop all other sources
sudo iptables -A INPUT -p tcp --dport 9004 -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 9004 -j DROP

# Persist the rules so they survive a reboot of the appliance
sudo /etc/init.d/iptables save
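As an added example that is not part of the SolarWinds article, the following POSIX shell script generalizes the two-rule pattern above to any TCP port and checks an iptables-save dump for the conditions that make the rules effective: the loopback-only ACCEPT must exist, the unconditional DROP must exist and come after it, and no earlier catch-all ACCEPT in the INPUT chain may shadow the DROP (iptables -A appends to the end of the chain, so a pre-existing accept-all rule would make the new DROP unreachable). The function names and the sample dumps are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the SolarWinds article. Helpers to emit the
# article's loopback-only rule pair for any TCP port and to verify, from
# the text of `iptables-save`, that the pair is present and effective.

# jmx_loopback_rules PORT: print the two commands the article applies per port.
jmx_loopback_rules() {
  port="$1"
  printf 'iptables -A INPUT -p tcp --dport %s -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT\n' "$port"
  printf 'iptables -A INPUT -p tcp --dport %s -j DROP\n' "$port"
}

# verify_port_rules PORT DUMP: return 0 when DUMP (iptables-save output) has,
# in the INPUT chain, a loopback-only ACCEPT for PORT followed by an
# unconditional DROP for PORT that is not shadowed by an earlier catch-all
# ACCEPT. Return 1 (with a reason on stderr) otherwise.
verify_port_rules() {
  port="$1"
  dump="$2"
  # Line numbers come from grep -n on the first filter; later greps keep them.
  accept_line=$(printf '%s\n' "$dump" | grep -n -- '-A INPUT ' \
    | grep -- "--dport $port " | grep -- '-s 127.0.0.0/8' \
    | grep -- '-j ACCEPT' | head -n 1 | cut -d: -f1)
  drop_line=$(printf '%s\n' "$dump" | grep -n -- '-A INPUT ' \
    | grep -- "--dport $port " | grep -v -- ' -s ' \
    | grep -- '-j DROP' | head -n 1 | cut -d: -f1)
  catchall_line=$(printf '%s\n' "$dump" | grep -n -- '^-A INPUT -j ACCEPT$' \
    | head -n 1 | cut -d: -f1)

  if [ -z "$accept_line" ]; then
    echo "port $port: loopback ACCEPT rule missing" >&2; return 1
  fi
  if [ -z "$drop_line" ]; then
    echo "port $port: DROP rule missing" >&2; return 1
  fi
  if [ "$drop_line" -lt "$accept_line" ]; then
    echo "port $port: DROP precedes ACCEPT, local JMX clients would be cut off" >&2; return 1
  fi
  if [ -n "$catchall_line" ] && [ "$catchall_line" -lt "$drop_line" ]; then
    echo "port $port: earlier catch-all ACCEPT makes the DROP unreachable" >&2; return 1
  fi
  return 0
}

# Constructed sample: what iptables-save prints after the article's commands.
DUMP_OK='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -p tcp -m tcp --dport 1099 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1099 -j DROP
-A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -p tcp -m tcp --dport 9004 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9004 -j DROP
COMMIT'

# Constructed sample of a misconfiguration: a pre-existing accept-all rule
# shadows the 1099 DROP, and the 9004 DROP was never added.
DUMP_BAD='*filter
:INPUT ACCEPT [0:0]
-A INPUT -j ACCEPT
-A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -p tcp -m tcp --dport 1099 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1099 -j DROP
-A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -p tcp -m tcp --dport 9004 -j ACCEPT
COMMIT'

for p in 1099 9004; do
  jmx_loopback_rules "$p"
  if verify_port_rules "$p" "$DUMP_OK"; then
    echo "port $p: rules effective in DUMP_OK"
  fi
  verify_port_rules "$p" "$DUMP_BAD" || echo "port $p: DUMP_BAD rejected"
done
```

On the appliance itself the check runs against the live rule set, for example `verify_port_rules 1099 "$(sudo iptables-save)"`; a non-zero exit is the signal to inspect the INPUT chain order before trusting the mitigation.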

Last modified
20:20, 13 Mar 2017
