ViRobot Linux Server addschup Cookie Field Remote Overflow

2005-06-15T04:57:42
ID OSVDB:17320
Type osvdb
Reporter Kevin Finisterre(kf@digitalmunition.com)
Modified 2005-06-15T04:57:42

Description

Vulnerability Description

A remote overflow exists in ViRobot Linux Server. ViRobot Linux Server fails to perform proper bounds checks in the setuid cgi-bin file 'addschup' when processing the received cookie resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary command execution via inserting commands into the root users crontab file resulting in a loss of integrity.

Technical Description

Successful exploitation requires the ability to connect to the server's webadmin port.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.

Short Description

A remote overflow exists in ViRobot Linux Server. ViRobot Linux Server fails to perform proper bounds checks in the setuid cgi-bin file 'addschup' when processing the received cookie resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary command execution via inserting commands into the root users crontab file resulting in a loss of integrity.

References:

Vendor URL: http://www.globalhauri.com/ Vendor Specific Solution URL: http://www.globalhauri.com/html/download/down_unixpatch.html Secunia Advisory ID:15700 Other Advisory URL: http://www.digitalmunition.com/DMA[2005-0614a].txt Nessus Plugin ID:18494 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-06/0188.html ISS X-Force ID: 21000 Generic Exploit URL: http://www.securiteam.com/exploits/5TP0C1FG1I.html CVE-2005-2041 Bugtraq ID: 13964