AnswerBook Vulnerabilities
Impact
Vulnerabilities in the AnswerBook2 server could allow a remote attacker to execute arbitrary code.
Background
The AnswerBook2 Documentation Server from Sun Microsystems provides access to Sun documentation through a web browser. AnswerBook2 runs a daemon called dwhttpd.
The Problems
There are two vulnerabilities in dwhttpd. The first could allow an attacker to create a new user and so gain access to the AnswerBook2 administrative interface. Once the attacker has that access, the second vulnerability could allow arbitrary commands to be executed by creating log files whose names contain the commands to be executed.

AnswerBook2 1.4.2 (if unpatched) and earlier versions are affected by these vulnerabilities.
Resolutions
Upgrade to a version of AnswerBook2 higher than 1.4.2 if available. Otherwise, upgrade to version 1.4.2 and apply Sun patch 110011-02 (110012-02 for x86 platforms).
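The following is an added example, not part of the bulletin or of Sun's tooling: a POSIX shell check that a Solaris host carries the patch named above at the required revision or a later one, choosing 110011 or 110012 from the platform reported by `uname -p`. It assumes the `Patch: NNNNNN-RR ...` line format of `showrev -p` output; the patch lists embedded below are constructed sample data so the check runs offline.

```shell
#!/bin/sh
# Added example (not from the advisory): verify that the AnswerBook2 dwhttpd
# patch named in Sun Security Bulletin #00196 is installed at revision 02 or
# later. The two SAMPLE_* patch lists are constructed data in showrev -p format.

# Map the platform (output of `uname -p`) to the patch ID the bulletin names.
required_patch() {
  case "$1" in
    sparc) echo "110011-02" ;;
    i386)  echo "110012-02" ;;
    *)     echo "unknown"; return 1 ;;
  esac
}

# Return 0 if the patch list contains the base patch ID at the required
# revision or a later one (a higher revision supersedes the required one).
# Arguments: patch list text (showrev -p format), required patch (base-rev).
has_patch() {
  _list=$1
  _base=${2%-*}     # e.g. 110011
  _minrev=${2#*-}   # e.g. 02
  printf '%s\n' "$_list" | awk -v base="$_base" -v minrev="$_minrev" '
    $1 == "Patch:" {
      split($2, p, "-")
      # Compare revisions numerically so "03" satisfies a minimum of "02".
      if (p[1] == base && (p[2] + 0) >= (minrev + 0)) found = 1
    }
    END { exit found ? 0 : 1 }'
}

# Constructed sample: SPARC host with a superseding revision of 110011 installed.
SAMPLE_PATCHED='Patch: 108528-13 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 110011-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWab2u'

# Constructed sample: same host, but only an earlier revision of 110011 present.
SAMPLE_UNPATCHED='Patch: 108528-13 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 110011-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWab2u'

# Live check on a real Solaris host (left commented so the example runs offline):
# has_patch "$(showrev -p)" "$(required_patch "$(uname -p)")" && echo patched
```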
Where can I read more about this?
For more information see Sun Security Bulletin #00196.