Note: This is an archival copy of Security Sun Alert 201498 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001119.1.
Date of Resolved Release
An unprivileged local or remote user may be able to execute arbitrary commands with the privileges of the AnswerBook2 server daemon, which is normally uid "daemon", on an AnswerBook2 (AB2) server system.
This issue is one of two vulnerabilities discussed in S21sec advisory s21sec-004 at: http://www.s21sec.com/en/avisos/s21sec-004-en.txt
The other vulnerability discussed in the S21sec advisory is described in Sun Alert 57400.
This issue is also described in Sun Security Bulletin #00196 at: http://sunsolve.sun.com/pub-cgi/secBulletin.pl
This issue can occur in the following releases:
To determine the version of the currently installed AnswerBook2 Server, run the following command:

    $ grep SUNW_PRODVERS /var/sadm/pkg/SUNWab2[rsu]/pkginfo
    /var/sadm/pkg/SUNWab2r/pkginfo:SUNW_PRODVERS=1.4.2
    /var/sadm/pkg/SUNWab2s/pkginfo:SUNW_PRODVERS=1.4.2
    /var/sadm/pkg/SUNWab2u/pkginfo:SUNW_PRODVERS=1.4.2
There are no predictable symptoms that would show the described issue has been exploited to execute arbitrary commands with the privileges of the AnswerBook2 daemon on a system.
Sites which have configured AnswerBook2 Documentation Servers may wish to disable AB2 and instead refer to Sun documentation at the Sun Product Documentation web site at: http://docs.sun.com or view the documentation on the Solaris Documentation CD.
To disable the AnswerBook2 Documentation Server, the following commands can be run as the root user:
    # /usr/lib/ab2/bin/ab2admin -o stop
    # /usr/lib/ab2/bin/ab2admin -o autostart_no
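The version check and the workaround above, combined into one script as an added example (not part of the Sun Alert): it reads SUNW_PRODVERS from the same SUNWab2r/s/u pkginfo files the grep does, reports when AB2 is not installed or the three packages disagree, and prints the advisory's two disable commands instead of running them. The PKG_ROOT variable is an assumption added so the check can be pointed at a copy of /var/sadm/pkg.

```shell
# Added example, not from the Sun Alert. PKG_ROOT is an assumption (default
# is the real package database location used by the advisory's grep).
PKG_ROOT="${PKG_ROOT:-/var/sadm/pkg}"

# ab2_version: prints the AnswerBook2 version shared by all installed
# SUNWab2[rsu] packages. Returns 1 if no AB2 package is installed and 2 if
# the installed packages disagree (a partial or mixed install).
ab2_version() {
    found=""
    for pkg in SUNWab2r SUNWab2s SUNWab2u; do
        f="$PKG_ROOT/$pkg/pkginfo"
        [ -f "$f" ] || continue
        # "SUNW_PRODVERS=1.4.2" -> "1.4.2"
        v=$(sed -n 's/^SUNW_PRODVERS=//p' "$f")
        [ -n "$v" ] || continue
        if [ -z "$found" ]; then
            found="$v"
        elif [ "$found" != "$v" ]; then
            echo "mismatch: $pkg reports $v, other packages report $found" >&2
            return 2
        fi
    done
    [ -n "$found" ] || return 1
    echo "$found"
}

# ab2_disable_cmds: the two root commands the advisory gives as the
# workaround, printed rather than executed so the script is safe to run
# anywhere; pipe into a root shell on the AB2 server to apply them.
ab2_disable_cmds() {
    echo "/usr/lib/ab2/bin/ab2admin -o stop"
    echo "/usr/lib/ab2/bin/ab2admin -o autostart_no"
}

if v=$(ab2_version); then
    echo "AnswerBook2 Server $v is installed; workaround from the Sun Alert:"
    ab2_disable_cmds
else
    echo "AnswerBook2 Server packages not installed, or versions inconsistent."
fi
```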
This issue is addressed in the following releases:
AnswerBook2 Documentation Server 1.4