IBM Tivoli Application Dependency Discovery Manager 中间人攻击漏洞(CVE-2012-5770)
发布日期:2013-03-04
更新日期:2013-03-06
受影响系统:IBM Tivoli Application Dependency Discovery Manager 7.2.0
描述:
BUGTRAQ ID:
58297
CVE(CAN) ID:
CVE-2012-5770
IBM Tivoli Application Dependency Discovery Manager是业务管理解决方案。
Tivoli Application Dependency Discovery Manager 7.2.0.0-7.2.1.3对SSL通讯使用了弱MD5哈希算法的证书,攻击者需要对TADDM服务器及其客户端(GUI或API)具有访问权限,才能劫持并破解证书。如果使用了较强的哈希算法证书,则不容易破解。
<*来源:IBM (
ncsupp@ca.ibm.com)
链接:
http://www-01.ibm.com/support/docview.wss?uid=swg21626029
http://xforce.iss.net/xforce/xfdb/80354
*>
建议:
临时解决方法:
如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:
*通过以下命令手动生成证书:
<taddm_dist_dir>/external/<jdk-for-platform>/bin/keytool -delete -alias collation -keystore <taddm_dist_dir>/etc/serverkeys -storepass <ssl-password>
<taddm_dist_dir>external/<jdk-for-platform>/bin/keytool -genkey -alias collation -keystore <taddm_dist_dir>/etc/serverkeys -validity 3650 -keyAlg RSA -sigalg SHA256WithRSA -keypass <ssl-password> -storepass <ssl-password> -dname "CN=<TADDM_SERVER_FQDN>, OU=Engineering, O=IBM, L=Palo Alto, S=California, C=US"
<taddm_dist_dir>external/<jdk-for-platform>/bin/keytool -export -alias collation -noprompt -keystore <taddm_dist_dir>/etc/serverkeys -keypass <ssl-password> -storepass <ssl-password> -file <taddm_dist_dir>/cert.tmp
<taddm_dist_dir>external/<jdk-for-platform>/bin/keytool -delete -alias collation -noprompt -keystore <taddm_dist_dir>/etc/jssecacerts.cert -storepass <ssl-password>
<taddm_dist_dir>external/<jdk-for-platform>/bin/keytool -import -alias collation -noprompt -keystore <taddm_dist_dir>/etc/jssecacerts.cert -keypass <ssl-password> -storepass <ssl-password> -file <taddm_dist_dir>/cert.tmp
厂商补丁:
IBM
---
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www-01.ibm.com/software/tivoli/products/taddm/浏览次数:4154
严重程度:0(网友投票)
