
Solaris AnswerBook2 - Remote Command Execution

07 Aug 2000 | Reported by Lluis Mora | Type: exploitdb | Source: www.exploit-db.com

Vulnerability in AnswerBook2 allows remote command execution by users with admin access.

source: https://www.securityfocus.com/bid/1556/info

A vulnerability exists in version 1.4.2 and prior of the AnswerBook2 server from Sun. It is possible for remote users who have administrative access to execute arbitrary commands on the machine running AnswerBook2. These commands will be executed with the privileges of user 'daemon'.

One of the options you have while administering the AB2 is to rotate the
access and error logs. The server allows you to specify the target file 
where the logs will be rotated to. You can use ../../../../../this/file to
create and overwrite files outside the web server document root directory.
Further investigation showed that the server performs the following command
to rotate the server logs:

sh -c "cp /var/log/ab2/logs/original_log /var/log/ab2/logs/USER_PROVIDED_TARGET"

So an attacker could specify a destination log like "x ; uname -a" that will
translate to:

sh -c "cp /var/log/ab2/logs/original_log /var/log/ab2/logs/x ; uname -a"
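
The fix for both problems described above (the ../ traversal and the shell parsing of the target) is to validate the target name and copy the file without a shell. The following is an added example, not code from the advisory or from AnswerBook2; the function names and the SAFE_NAME policy are assumptions, and Python stands in for the server's own language, which the advisory does not show.

```python
import os
import re
import shutil

LOG_DIR = "/var/log/ab2/logs"  # log directory named in the advisory
# Assumed policy: a rotated log is a plain file name, no separators or spaces.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,64}")


def vulnerable_command(target: str) -> str:
    """Rebuild the command string the advisory describes (never executed)."""
    return f'sh -c "cp {LOG_DIR}/original_log {LOG_DIR}/{target}"'


def resolve_target(target: str, log_dir: str = LOG_DIR) -> str:
    """Return the absolute destination path, or raise ValueError."""
    # Allow-list first: rejects ';', spaces, '/', and the '.'/'..' entries.
    if not SAFE_NAME.fullmatch(target) or target in (".", ".."):
        raise ValueError(f"rejected log target: {target!r}")
    base = os.path.realpath(log_dir)
    dest = os.path.realpath(os.path.join(base, target))
    # Second check: a symlink planted inside log_dir must not redirect the copy.
    if os.path.dirname(dest) != base:
        raise ValueError(f"target escapes log directory: {target!r}")
    return dest


def rotate_log(source_name: str, target: str, log_dir: str = LOG_DIR) -> str:
    """Copy the log with a library call, so no shell ever parses the target."""
    dest = resolve_target(target, log_dir)
    shutil.copyfile(os.path.join(log_dir, source_name), dest)
    return dest
```
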
