| Field | Value |
|-------|-------|
| VID | 22137 |
| Severity | 40 |
| Port | 8888 |
| Protocol | TCP |
| Class | WWW |
Detailed Description:

The Sun AnswerBook2 dwhttpd daemon is vulnerable to a format string vulnerability. Sun AnswerBook2 is a utility that allows users to view Sun online documentation using a web browser. The Inso DynaWeb web server, dwhttpd, is used as a subcomponent in products such as Sun's AnswerBook2, and AnswerBook2 is shipped as part of the Solaris operating environment. AnswerBook2 versions 1.2 through 1.4.3 are vulnerable to a format string vulnerability in the dwhttpd daemon. Remote attackers can exploit this vulnerability by supplying a long input string of hexadecimal-encoded characters as a file name in a specially crafted GET request, to execute code on the system with the privileges of the web service (daemon).

* Platforms Affected: DynaWeb dwhttpd 4.0.2a7a, DynaWeb dwhttpd 4.1a6, Sun AnswerBook2 1.2, Sun AnswerBook2 1.3, Sun AnswerBook2 1.4, Sun AnswerBook2 1.4.1, Sun AnswerBook2 1.4.2, Sun AnswerBook2 1.4.3
* References:
  * http://www.securiteam.com/unixfocus/5SP081F80K.html
  * http://online.securityfocus.com/bid/5384
  * http://www.iss.net/security_center/static/9758.php

Recommendation:

Two steps are required to protect against this vulnerability:

1. Update AnswerBook2 to the latest version (at least version 1.4.2). The latest version of AnswerBook2 can be downloaded from: http://www.sun.com/software/ab2/dwnld_versions.html
2. Install the AnswerBook2 patch, available from "SunSolve Online" at http://sunsolve.sun.com/pub-cgi/show.pl?target=home
   * For AnswerBook 1.4.2, apply the 110531-01 patch.
   * For AnswerBook 1.4.2_x86, apply the 110537-01 patch.
   * For AnswerBook 1.4.3, apply the 110532-01 patch.
   * For AnswerBook 1.4.3_x86, apply the 110538-01 patch.

* Note: The AnswerBook2 web server has reached end of life and is no longer included with Solaris releases (as of Solaris 9).