Security researchers have discovered a serious vulnerability in PeopleSoft Inc.s PeopleTools application framework that can lead to a complete compromise of the installations embedded Web server. This could in turn give the attacker confidential information about the server and its contents and help him compromise other PeoplSoft applications.
The flaw is in the Java servlet that moves reports to and from the PeopleSoft repository. By default, this servlet runs on the PeopleSoft Web server and does not require authentication for use.
The servlet, known as the SchedulerTransfer, contains code that handles uploading files sent by HTTP "post" requests. The software attempts to guard against directory-traversal attacks through a series of checks that remove certain path-separating characters from file names. But the checks are incomplete, making it possible for an attacker to create or overwrite files outside the specified directory to which files should be uploaded, according to an advisory released Monday by Internet Security Systems Inc.
The attacker could then overwrite existing Java servlets in order to execute his code on the vulnerable machine.
The vulnerability affects versions 8.10-8.18, 8.40 and 8.41 of PeopleTools, ISS said.
Most Recent Security Stories:
Search for more stories by Dennis Fisher.
Find white papers on security.