| VID |
21254 |
| Severity |
40 |
| Port |
8888 |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Gettransbitmap CGI in the Sun AnswerBook2 server is vulnerable to a buffer overflow attack.
The Sun AnswerBook2 Documentation Server is a tool available for the Solaris operating system that allows users to view Sun documentation using any Web browser. Sun AnswerBook2 versions 1.4 through 1.4.3 allows are vulnerable to a buffer overflow in the gettransbitmap CGI program. The problem is due to the gettransbitmap CGI that comes with AnswerBook2 not correctly performing bounds checking on the filename argument. By requesting a file with an overly long filename, a remote attacker could overflow a buffer and execute arbitrary code on the system with user daemon privileges.
* References:
http://marc.theaimsgroup.com/?l=vulnwatch&m=102194510509450&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=102198846905064&w=2
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0071.html
http://www.securiteam.com/unixfocus/5NP0O0A75W.html
http://www.eSecurityOnline.com/advisories/eSO5063.asp
http://online.securityfocus.com/archive/1/273373
* Platforms Affected:
Solaris Any version
Sun AnswerBook2 1.4
Sun AnswerBook2 1.4.1
Sun AnswerBook2 1.4.2
Sun AnswerBook2 1.4.3 |
| Recommendation |
There are no vendor patches available as of June 2014.
As a workaround, remove access to the gettransbitmap binary:
chmod 0000 <path to>/gettransbitmap.
Or disable AnswerBook2, if it is not required. |
| Related URL |
CVE-2002-0360 (CVE) |
| Related URL |
4784 (SecurityFocus) |
| Related URL |
9117 (ISS) |
|
