000011880 - Execution with Unnecessary Privileges

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.

Article Content

Article Number: 000011880
Applies To: RSA Key Manager Server versions 1.5.x, 2.0.x, 2.1.3.x, 2.2.x and 2.5.x
Known Exploitation of the Vulnerability:
RSA, The Security Division of EMC, is not aware of any attacks utilizing this vulnerability.
Issue: Execution with Unnecessary Privileges
Impact:
This issue does not grant access on its own; it is a privilege-escalation multiplier. An unauthorized attacker who finds any other weakness in the application could leverage it to increase that weakness's severity, leading to a variety of immediate compromises including theft of sensitive information, unauthorized use of system resources, or denial of service.
Cause
Vulnerability Description:
The Tomcat5.exe service (the Apache Tomcat service that hosts RKM Server) was running with unnecessary privileges. Running a service with more privileges than it needs increases the severity of many other vulnerabilities that may be found within the application: a flaw that lets an attacker execute code or read files in the context of the service yields whatever the service account can do. A service running with unnecessary privileges may therefore give an attacker access to resources that would have been out of reach had the service been executed with the minimum set of privileges necessary.
Resolution
This issue is fixed in RKM Server 2.7. The fix includes documentation on how to configure RKM Server with least privilege. For details, refer to the RSA Key Manager Server 2.7 Installation Guides, section Prerequisites => Create User Accounts. Any deployment of an RKM Server version prior to 2.7 should be upgraded to the latest RKM Server 2.7 release, and the documentation followed to run the RKM Server service under a dedicated account with minimal privilege.
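The following PowerShell is an added example of the check and the change a Windows administrator would make on an RKM host; it is not RSA's code and not taken from the 2.7 Installation Guide. It first lists every Windows service whose binary is Tomcat5.exe together with the account it logs on as, then moves that service from LocalSystem to a dedicated local account that holds write access only to the directories Tomcat needs at runtime. The service name Tomcat5, the account name svc_tomcat and the install path C:\Tomcat5 are assumptions; substitute the values from your installation.

```powershell
# Added example (not from the RSA article): audit and fix the logon account of the
# Tomcat5.exe service. Assumed values: service name 'Tomcat5', local account
# 'svc_tomcat', install directory 'C:\Tomcat5'. Run from an elevated PowerShell.

$serviceName  = 'Tomcat5'      # assumption: default Apache Tomcat 5 service name
$svcAccount   = 'svc_tomcat'   # assumption: dedicated, non-administrative local account
$tomcatHome   = 'C:\Tomcat5'   # assumption: Tomcat install directory
$highPrivAccounts = @('LocalSystem', 'NT AUTHORITY\SYSTEM', '.\LocalSystem')

# 1. Audit: which services run Tomcat5.exe, and as whom?
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -like '*Tomcat5.exe*' } |
    Select-Object Name, StartName, State, PathName |
    Format-List

$svc = Get-CimInstance Win32_Service -Filter "Name='$serviceName'"
if (-not $svc) { throw "Service '$serviceName' not found" }

if ($highPrivAccounts -notcontains $svc.StartName) {
    Write-Host "$serviceName already runs as $($svc.StartName); nothing to do."
    return
}

# 2. Create the dedicated account if it does not exist yet.
#    New-LocalUser needs the Microsoft.PowerShell.LocalAccounts module (Windows Server 2016+);
#    on older hosts use 'net user' instead.
$password = Read-Host -AsSecureString "Password for .\$svcAccount"
if (-not (Get-LocalUser -Name $svcAccount -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $svcAccount -Password $password -PasswordNeverExpires `
        -Description 'RKM Tomcat service account' | Out-Null
}

# 3. File-system rights: read/execute on the install tree, modify only where Tomcat writes.
icacls $tomcatHome /grant "${svcAccount}:(OI)(CI)RX" | Out-Null
foreach ($dir in 'logs', 'temp', 'work') {
    $path = Join-Path $tomcatHome $dir
    if (Test-Path $path) { icacls $path /grant "${svcAccount}:(OI)(CI)M" | Out-Null }
}

# 4. Re-point the service at the new account. sc.exe takes the password in clear text,
#    so decode the SecureString only for this call.
$bstr  = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)
$plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
sc.exe config $serviceName obj= ".\$svcAccount" password= $plain
$plain = $null

# Unlike the Services MMC snap-in, sc.exe does not grant the account the
# 'Log on as a service' right; assign it in Local Security Policy before restarting.
Restart-Service -Name $serviceName

# 5. Verify: the service now logs on as the dedicated account and that account is
#    not a member of the local Administrators group.
$after = Get-CimInstance Win32_Service -Filter "Name='$serviceName'"
Write-Host "$serviceName now runs as $($after.StartName) (state: $($after.State))"
if (Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $_.Name -like "*\$svcAccount" }) {
    Write-Warning "$svcAccount is in Administrators; remove it to keep least privilege."
}
```

The same audit step (step 1) can be run on its own after every upgrade or reinstall, since installers commonly re-register the service as LocalSystem; a service whose StartName comes back as LocalSystem is the condition this article describes.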

RKM Server software versions

Affected version   Fixed in
2.5.x              2.7
2.2.x              2.7
2.1.x              2.7
2.0.x              2.7
1.5.x              EOL (end of life)

Legacy Article ID: a49698
