CVE-2017-3252

OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)

Severity Score

5.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.8 (Integrity impacts).

Vulnerabilidad en el componente Java SE, Java SE Embedded, JRockit de Oracle Java SE (Subcomponente:JAAS). Versiones compatibles que están afectadas son Java SE: 6u131, 7u121 y 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Vulnerabilidad difícil de explotar permite a atacantes poco privilegiados con acceso a la red a través de múltiples protocolos, comprometer Java SE, Java SE Embedded, JRockit. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Java SE, Java SE Embedded, JRockit, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en creación no autorizada, inserción o borrado de acceso a todos los datos accesibles de Java SE, Java SE Embedded, JRockit. Nota: Aplica a la implementación de cliente y servidor de Java. Esta vulnerabilidad puede ser explotada a través de aplicaciones Java Web Start y applets Java aislados. También puede ser explotada suministrando datos de APIs en el componente especificado sin utilizar aplicaciones Java Web Start o applets Java aislados, como por ejemplo mediante un servicio web. CVSS v3.0 Base Score 5.8 (Impactos de integridad).

It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

High

Authentication

Single

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-12-06 CVE Reserved
2017-01-20 CVE Published
2024-08-05 CVE Updated
2024-09-14 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (19)

URL	Tag	Source
http://www.securityfocus.com/bid/95509	Third Party Advisory
http://www.securitytracker.com/id/1037637	Vdb Entry
https://security.netapp.com/advisory/ntap-20170119-0001	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2017-0175.html	2018-01-05
http://rhn.redhat.com/errata/RHSA-2017-0176.html	2018-01-05
http://rhn.redhat.com/errata/RHSA-2017-0177.html	2018-01-05
http://rhn.redhat.com/errata/RHSA-2017-0180.html	2018-01-05
http://rhn.redhat.com/errata/RHSA-2017-0263.html	2018-01-05
http://rhn.redhat.com/errata/RHSA-2017-0269.html	2018-01-05
http://rhn.redhat.com/errata/RHSA-2017-0336.html	2018-01-05
http://rhn.redhat.com/errata/RHSA-2017-0337.html	2018-01-05
http://rhn.redhat.com/errata/RHSA-2017-0338.html	2018-01-05
http://www.debian.org/security/2017/dsa-3782	2018-01-05
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html	2018-01-05
https://access.redhat.com/errata/RHSA-2017:1216	2018-01-05
https://security.gentoo.org/glsa/201701-65	2018-01-05
https://security.gentoo.org/glsa/201707-01	2018-01-05
https://access.redhat.com/security/cve/CVE-2017-3252	2017-05-09
https://bugzilla.redhat.com/show_bug.cgi?id=1413906	2017-05-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Oracle Search vendor "Oracle"		Jdk Search vendor "Oracle" for product "Jdk"				1.6 Search vendor "Oracle" for product "Jdk" and version "1.6"		update_131		Affected
Oracle Search vendor "Oracle"		Jdk Search vendor "Oracle" for product "Jdk"				1.7 Search vendor "Oracle" for product "Jdk" and version "1.7"		update_121		Affected
Oracle Search vendor "Oracle"		Jdk Search vendor "Oracle" for product "Jdk"				1.8 Search vendor "Oracle" for product "Jdk" and version "1.8"		update_111		Affected
Oracle Search vendor "Oracle"		Jdk Search vendor "Oracle" for product "Jdk"				1.8 Search vendor "Oracle" for product "Jdk" and version "1.8"		update_112		Affected
Oracle Search vendor "Oracle"		Jre Search vendor "Oracle" for product "Jre"				1.6 Search vendor "Oracle" for product "Jre" and version "1.6"		update_131		Affected
Oracle Search vendor "Oracle"		Jre Search vendor "Oracle" for product "Jre"				1.7 Search vendor "Oracle" for product "Jre" and version "1.7"		update_121		Affected
Oracle Search vendor "Oracle"		Jre Search vendor "Oracle" for product "Jre"				1.8 Search vendor "Oracle" for product "Jre" and version "1.8"		update_111		Affected
Oracle Search vendor "Oracle"		Jre Search vendor "Oracle" for product "Jre"				1.8 Search vendor "Oracle" for product "Jre" and version "1.8"		update_112		Affected
Oracle Search vendor "Oracle"		Jrockit Search vendor "Oracle" for product "Jrockit"				r28.3.12 Search vendor "Oracle" for product "Jrockit" and version "r28.3.12"		-		Affected