[UNIX] AOLserver DB Proxy Daemon Format String Vulnerability

From: support@securiteam.com
To: list@securiteam.com
Date: Wed, 17 Apr 2002 11:52:43 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  AOLserver DB Proxy Daemon Format String Vulnerability
------------------------------------------------------------------------

SUMMARY

AOLserver <http://sourceforge.net/projects/aolserver/> is a
multithreaded, TCL-enabled, massively scalable and extensible web server
tuned for large-scale, dynamic Web sites such as Digital City and AOL.COM.
AOLserver also includes complete database integration and a dynamic page
scripting language. The Laboratory intexxia found a format string
vulnerability in the AOLserver external database driver proxy daemon API
that could lead to a privilege escalation.

DETAILS

Vulnerable systems:
AOLserver version 3.4.2
AOLserver version 3.4.1
AOLserver version 3.4
AOLserver version 3.3.1
AOLserver version 3.2.1
AOLserver version 3.2
AOLserver version 3.1
AOLserver version 3.0

AOLserver provides an API to develop external database driver proxy
daemons. Those daemons are linked to a library (libnspd.a).

The Laboratory intexxia found a format string and a buffer overflow
vulnerability in the 'Ns_PdLog' function of the library. Successful
exploitation of the bug could allow an attacker to execute code and gain
access to the system.

As a result, all the External Driver Proxy Daemons using the 'Ns_PdLog'
function with the 'Error' or 'Notice' parameter are potentially
vulnerable.
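
The bug class described above, shown as an added example that is not AOLserver's code and not taken from the advisory. It is a hypothetical logging wrapper (log_unsafe, log_safe, sink and MSG_MAX are assumed names) that formats a message and hands it to a printf-style sink. The unsafe form pairs an unbounded vsprintf with reuse of the formatted message as a format string; the hardened form bounds the write and passes a constant "%s".

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MSG_MAX 128 /* assumed buffer size for this example */

/* Stand-in for a printf-style sink such as syslog(3); writes into out. */
static int sink(char *out, size_t n, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Unsafe pattern: unbounded vsprintf, then the result is used as a format. */
int log_unsafe(char *out, size_t n, const char *fmt, ...) {
    char msg[MSG_MAX];
    va_list ap;
    va_start(ap, fmt);
    vsprintf(msg, fmt, ap);   /* overflows msg if the output exceeds MSG_MAX */
    va_end(ap);
    return sink(out, n, msg); /* any '%' in caller data is parsed again */
}

/* Hardened pattern: bounded formatting, constant "%s" format for the sink.
 * Returns 0 on success, 1 if the message was truncated, -1 on error. */
int log_safe(char *out, size_t n, const char *fmt, ...) {
    char msg[MSG_MAX];
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(msg, sizeof msg, fmt, ap);
    va_end(ap);
    if (len < 0) return -1;
    sink(out, n, "%s", msg);
    return len >= (int)sizeof msg;
}

int main(void) {
    char out[256];
    const char *data = "disk 90%% full"; /* constructed input; "%%" is a harmless probe */
    log_unsafe(out, sizeof out, "%s", data);
    printf("unsafe: %s\n", out); /* the sink re-parsed the data as a format */
    log_safe(out, sizeof out, "%s", data);
    printf("safe:   %s\n", out); /* the data is logged byte for byte */
    return 0;
}
```

The "%%" probe is a safe way to test a logging path for double formatting: if the logged text differs from the input, caller data is reaching a format parameter.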

Solution:
This vulnerability has been fixed in the current version in CVS branch
nsd_v3_r3_p0 (post-AOLserver 3.4.2), and the fix can be used for any
affected version. The patch used was created by intexxia and can be found
in the attachment. More information can be found at the following URL:

<http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/aolserver/aolserver/nspd/log.c.diff?r1=1.4&r2=1.4.6.1>

ADDITIONAL INFORMATION

The information has been provided by Benoît Roussel
<mailto:benoit.roussel@intexxia.com>.
