English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

IBM Sterling B2B Integrator Multiple Products CLA2 Server Arbitrary Command Injection Vulnerability


Secunia ID

SA53007

CVE-ID

CVE-2012-5937

Release Date

11 Apr 2013

Last Change

13 Sep 2013

Criticality

Moderately Critical

Solution Status

Vendor Patch

Software

IBM Gentran Integration Suite 4.x
IBM Sterling B2B Integrator 5.x
IBM Sterling File Gateway 1.x
IBM Sterling File Gateway 2.x

Where

From local network

Impact
System access

This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

Description

A vulnerability has been reported in multiple IBM Sterling B2B Integrator products, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error within the CLA2 server and can be exploited to inject and execute arbitrary shell commands.

The vulnerability is reported in the following products and versions:
* IBM Gentran Integration Suite version 4.3
* IBM Sterling Integrator version 5.0
* IBM Sterling Integrator version 5.1
* IBM Sterling B2B Integrator version 5.2
* IBM Sterling File Gateway version 1.1
* IBM Sterling File Gateway version 2.0
* IBM Sterling File Gateway version 2.1
* IBM Sterling File Gateway version 2.2

Solution

Gentran Integration Suite 4.3:
Sterling File Gateway 1.1:
Apply iFix 4325_1 (download from IWM)

Sterling Integrator 5.0:
Sterling File Gateway 2.0:
Apply iFix 5009_1 (download from IWM)

Sterling Integrator 5.1:
Sterling File Gateway 2.1:
Apply Fix Pack 5104 (download from IWM)

Sterling B2B Integrator 5.2:
Sterling File Gateway 2.2:
Apply iFix 5020401_2 (download from Fix Central)

Reported by

Reported by the vendor.

Original Advisory

IBM (IC85189):
http://www.ibm.com/support/docview.wss?uid=swg21633925
http://www.ibm.com/support/docview.wss?uid=swg24034725
http://www.ibm.com/support/docview.wss?uid=swg21633925
http://www.ibm.com/support/docview.wss?uid=swg24034754