ViRobot Server web interface addschup buffer overflow

2006-07-28T00:00:00
ID SAINT:4EEFDE306B495CA900A9A5DF4A9D447B
Type saint
Reporter SAINT Corporation
Modified 2006-07-28T00:00:00

Description

Added: 07/28/2006
CVE: CVE-2005-2041
BID: 13964
OSVDB: 17320

Background

ViRobot Linux Server includes a web-based control interface.

Problem

A buffer overflow in the **addschup** CGI program included in the ViRobot Linux Server allows remote attackers to write arbitrary commands into the root crontab file, leading to complete control over the server.

Resolution

Apply the patch.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2005-06/0188.html>

Platforms

Linux