===========================================================================
             AUSCERT External Security Bulletin Redistribution

                  ESB-2003.0731 -- Sun(sm) Alert Notification
  Sun Alert ID: 23412 - Vulnerability in Solaris "AnswerBook2 Documentation
                               Server" Daemon
                              20 October 2003

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                AnswerBook2 Documentation Server Daemon
                        (versions prior to 1.4.3)
Publisher:              Sun Microsystems
Operating System:       Solaris 8
Impact:                 Execute Arbitrary Code/Commands
Access Required:        Remote

Original bulletin available at:
        http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F23412

See also the related issue (Sun Alert ID: 57400) at:
        http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57400

- --------------------------BEGIN INCLUDED TEXT--------------------

DOCUMENT ID: 23412

SYNOPSIS: Vulnerability in Solaris "AnswerBook2 Documentation Server" Daemon

DETAIL DESCRIPTION:

   Sun(sm) Alert Notification

     * Sun Alert ID: 23412
     * Synopsis: Vulnerability in Solaris "AnswerBook2 Documentation" Server
       Daemon
     * Category: Security
     * Product: AnswerBook2 Documentation Server
     * BugIDs: 4353727
     * Avoidance: Upgrade, Patch
     * State: Resolved
     * Date Released: 10-Aug-2000, 16-Oct-2003
     * Date Closed: 10-Aug-2000
     * Date Modified: 10-Aug-2000, 16-Oct-2003

   1. Impact

   An unprivileged local or remote user may be able to execute arbitrary
   commands with the privileges of the AnswerBook2 server daemon, which is
   normally uid "daemon", on an AnswerBook2 (AB2) server system.

   This issue is one of two vulnerabilities discussed in S21sec advisory
   s21sec-004 at:

   [1]http://www.s21sec.com/en/avisos/s21sec-004-en.txt

   The other vulnerability discussed in the S21sec advisory is described in
   Sun Alert 57400.

   This issue is also described in Sun Security Bulletin #00196 at:

   [2]http://sunsolve.sun.com/pub-cgi/secBulletin.pl

   2. Contributing Factors

   This issue can occur in the following releases:

   SPARC
     * AnswerBook2 Documentation Server Version 1.4.1 or earlier
     * AnswerBook2 Documentation Server Version 1.4.2 without patch 110011-02

   x86 Platform
     * AnswerBook2 Documentation Server Version 1.4.1 or earlier
     * AnswerBook2 Documentation Server Version 1.4.2 without patch 110012-02

   Notes:
   1. AnswerBook2 is no longer supported as of Solaris 9, and thus Solaris 9
      is not affected.
   2. AnswerBook2 Documentation Server version 1.4.2 first shipped with
      Solaris 8.
   3. AnswerBook2 Documentation Server versions 1.4.3 and later are not
      affected by this issue.

   To determine the version of the currently installed AnswerBook2 Server,
   run the following command:

     $ grep SUNW_PRODVERS /var/sadm/pkg/SUNWab2[rsu]/pkginfo
     /var/sadm/pkg/SUNWab2r/pkginfo:SUNW_PRODVERS=1.4.2
     /var/sadm/pkg/SUNWab2s/pkginfo:SUNW_PRODVERS=1.4.2
     /var/sadm/pkg/SUNWab2u/pkginfo:SUNW_PRODVERS=1.4.2

   3. Symptoms

   There are no predictable symptoms that would show the described issue has
   been exploited to execute arbitrary commands with the privileges of the
   AnswerBook2 daemon on a system.

SOLUTION SUMMARY:

   4. Relief/Workaround

   Sites which have configured AnswerBook2 Documentation Servers may wish to
   disable AB2 and instead refer to Sun documentation at the Sun Product
   Documentation web site at:

   [3]http://docs.sun.com

   or view the documentation on the Solaris Documentation CD.

   To disable the AnswerBook2 Documentation Server, the following commands
   can be run as the root user:

     # /usr/lib/ab2/bin/ab2admin -o stop
     # /usr/lib/ab2/bin/ab2admin -o autostart_no

   5. Resolution

   This issue is addressed in the following releases:

   SPARC Platform
     * Upgrade to AnswerBook2 Documentation Server version 1.4.2 with patch
       110011-02

   x86 Platform
     * Upgrade to AnswerBook2 Documentation Server version 1.4.2 with patch
       110012-02

   Notes:
   1. Sites with AnswerBook2 Documentation Server version 1.4.1 or earlier
      need to first upgrade AnswerBook2 to version 1.4.2 before applying the
      above patches.
   2. AnswerBook2 Documentation Server version 1.4.2 is available for
      download at:

   [4]http://www.sun.com/software/ab2

   Change History:

   15-Oct-2003:
     * Updated: Contributing Factors, Symptoms, Relief/Workaround, and
       Resolution sections

APPLIES TO: Network Security

References

   1. http://www.s21sec.com/en/avisos/s21sec-004-en.txt
   2. http://sunsolve.sun.com/pub-cgi/secBulletin.pl
   3. http://docs.sun.com/
   4. http://www.sun.com/software/ab2

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for
consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at a
later date, it is recommended that the bulletin is retrieved directly from
the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked
in any way, we encourage you to let us know by completing the secure
National IT Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
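A defender-side check that applies the version and patch ranges from the Contributing Factors and Resolution sections above, as an added example that is not code from the Sun or AusCERT bulletin: the patch IDs 110011-02 and 110012-02 are the bulletin's, while the sample pkginfo lines and the assumption that the platform comes from uname -p and the patch list from showrev -p are mine.

```shell
#!/bin/sh
# Added example, not from the Sun/AusCERT bulletin: classify an AnswerBook2
# (AB2) Documentation Server install against the ranges in Sun Alert 23412.
# Patch IDs 110011-02 (SPARC) and 110012-02 (x86) come from the bulletin;
# the sample pkginfo lines below are constructed.

# Extract SUNW_PRODVERS from lines such as the bulletin's grep output:
#   /var/sadm/pkg/SUNWab2r/pkginfo:SUNW_PRODVERS=1.4.2
ab2_version() {
    sed -n 's/.*SUNW_PRODVERS=\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# ab2_status VERSION PLATFORM "PATCH-IDS..."
#   PLATFORM is sparc or i386 (as printed by uname -p); PATCH-IDS is the
#   installed patch list as shown by showrev -p.
# Prints affected-upgrade, affected-patch or not-affected.
ab2_status() {
    ver=$1; plat=$2; patches=$3
    case "$plat" in
        sparc) fix=110011-02 ;;
        i386|x86) fix=110012-02 ;;
        *) echo "unknown-platform"; return 0 ;;
    esac
    # Turn a.b.c into one integer so the ranges compare numerically.
    maj=${ver%%.*}; rest=${ver#*.}; min=${rest%%.*}; mic=${rest#*.}
    [ "$mic" = "$rest" ] && mic=0          # two-component version such as 1.4
    n=$((maj * 10000 + min * 100 + mic))
    if [ "$n" -ge 10403 ]; then            # 1.4.3 and later: fixed
        echo "not-affected"
    elif [ "$n" -lt 10402 ]; then          # 1.4.1 and earlier: upgrade first
        echo "affected-upgrade"
    else                                   # 1.4.2: needs the platform patch
        base=${fix%-*}; rev=${fix#*-}; state=affected-patch
        for p in $patches; do             # accept the named revision or later
            case "$p" in
                "$base"-*) [ "${p#*-}" -ge "$rev" ] && state=not-affected ;;
            esac
        done
        echo "$state"
    fi
}

# Constructed sample: what the bulletin's grep shows on an unpatched 1.4.2.
SAMPLE='/var/sadm/pkg/SUNWab2r/pkginfo:SUNW_PRODVERS=1.4.2
/var/sadm/pkg/SUNWab2s/pkginfo:SUNW_PRODVERS=1.4.2'
v=$(printf '%s\n' "$SAMPLE" | ab2_version)
echo "AB2 $v, sparc, no patch:        $(ab2_status "$v" sparc '')"
echo "AB2 $v, sparc, 110011-02:       $(ab2_status "$v" sparc '108528-19 110011-02')"
echo "AB2 $v, i386, SPARC patch only: $(ab2_status "$v" i386 '110011-02')"
```

On a live Solaris 8 host the same functions can be fed by `grep SUNW_PRODVERS /var/sadm/pkg/SUNWab2[rsu]/pkginfo | ab2_version` and `showrev -p`; a result other than not-affected means the bulletin's workaround (stop and autostart_no) or the patch applies.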