1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69
|
Rule:
--
Sid:
2052
--
Summary:
This event is generated when an attempt is made to exploit a known
vulnerability in Sun Cobalt RaQ server appliances.
--
Impact:
Execution of code and possible root compromise of the system.
--
Detailed Information:
A vulnerability in the security hardening package for Sun Cobalt RaQ 4
and RaQ 3 running RaQ 4 does not filter user input to the email variable
in the overflow.cgi script correctly.
POST requests to the script may contain code in the email variable which
will then be processed with the privilege of the super user on the
system.
--
Affected Systems:
Sun Cobalt RaQ 4 Server Appliances with the Security Hardening Package
installed
Sun Cobalt RaQ 3 Server Appliances running the RaQ 4 build with the
Security Hardening Package installed
--
Attack Scenarios:
An attacker can supply his own POST request to the overflow.cgi script
that contains code he wishes to run.
An exploit is also available.
--
Ease of Attack:
Simple
--
False Positives:
None Known
--
False Negatives:
None Known
--
Corrective Action:
Apply the appropriate vendor fixes.
--
Contributors:
Sourcefire Research Team
Brian Caswell <bmc@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>
--
Additional References:
CERT:
http://www.kb.cert.org/vuls/id/810921
http://www.cert.org/advisories/CA-2002-35.html
--
|