
Sun Answerbook2 Remote Stack Based Overflow
22nd May 2002 [SBWID-5359]
COMMAND

	Sun AnswerBook2 remote stack based overflow

SYSTEMS AFFECTED

	Sun AnswerBook2 1.4, 1.4.1, 1.4.2, 1.4.3

PROBLEM

	From advisory #5063 by Kevin Kotas of eSecurityOnline [http://www.eSecurityOnline.com]:
	

	The  problem  is  due  to  the  gettransbitmap  CGI  that   comes   with
	AnswerBook2 not correctly performing bounds  checking  on  the  filename
	argument.
	

	A remote attacker can create a request that  will  result  in  arbitrary
	code execution with user daemon privileges.
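	The defect class described above, as an added example that is not AnswerBook2's code: a hypothetical CGI handler that pulls the filename parameter out of QUERY_STRING into a fixed-size stack buffer, with the length check that the advisory says gettransbitmap lacks. The buffer size, parameter parsing and function names are assumptions for illustration only.

```c
/* Added example (hypothetical, not the gettransbitmap source): a CGI
 * handler copying the "filename" query parameter into a fixed stack
 * buffer. The unchecked pattern would be strcpy(filename, value), which
 * overflows the buffer when the value is longer than the buffer; the
 * checked copy below rejects such input instead. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FNAME_BUF 64   /* assumed buffer size, not AnswerBook2's */

/* Locate the value of "name=" in a CGI QUERY_STRING. Returns a pointer to
 * the value and its length (up to the next '&'), or NULL if absent.
 * Simplification: no URL decoding is performed. */
static const char *find_param(const char *query, const char *name, size_t *len)
{
    size_t nlen = strlen(name);
    const char *p = query;
    while (p && *p) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *v = p + nlen + 1;
            const char *end = strchr(v, '&');
            *len = end ? (size_t)(end - v) : strlen(v);
            return v;
        }
        p = strchr(p, '&');      /* advance to the next parameter */
        if (p) p++;
    }
    return NULL;
}

/* Bounds-checked copy of the filename into out[outsz]. Returns 0 on
 * success, -1 if the parameter is missing, empty, or does not fit. */
int copy_filename_checked(const char *query, char *out, size_t outsz)
{
    size_t len;
    const char *v = find_param(query, "filename", &len);
    if (!v || len == 0 || len >= outsz)
        return -1;               /* too long: reject, do not overflow */
    memcpy(out, v, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    const char *q = getenv("QUERY_STRING");
    char filename[FNAME_BUF];
    if (!q || copy_filename_checked(q, filename, sizeof filename) != 0) {
        printf("Status: 400 Bad Request\r\n\r\ninvalid filename\n");
        return 1;
    }
    printf("Content-Type: text/plain\r\n\r\nfilename=%s\n", filename);
    return 0;
}
```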

SOLUTION

	Presently, there are  no  vendor  patches  available.  As  a  workaround
	solution, remove access to the gettransbitmap binary.
	

	chmod 0000 <path to>/gettransbitmap

	

	Otherwise, disable AnswerBook2.
