ViRobot Server web interface addschup buffer overflow

2006-07-28T00:00:00
ID SAINT:7633FA20273522392C8E980EF49B6DE5
Type saint
Reporter SAINT Corporation
Modified 2006-07-28T00:00:00

Description

Added: 07/28/2006
CVE: CVE-2005-2041
BID: 13964
OSVDB: 17320

Background

ViRobot Linux Server includes a web-based control interface.

Problem

A buffer overflow in the **addschup** CGI program included in the ViRobot Linux Server allows remote attackers to write arbitrary commands into the root crontab file, leading to complete control over the server.

Resolution

Apply the patch.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2005-06/0188.html>

Platforms

Linux