Note: This is an archival copy of Security Sun Alert 201498 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001119.1.
Article ID : 1001119.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-01-19
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Vulnerability in Solaris "AnswerBook2 Documentation" Server Daemon



Category
Security

Release Phase
Resolved

Bug Id
4353727

Date of Resolved Release
10-AUG-2000

Impact

An unprivileged local or remote user may be able to execute arbitrary commands with the privileges of the AnswerBook2 server daemon, which is normally uid "daemon", on an AnswerBook2 (AB2) server system.

This issue is one of two vulnerabilities discussed in S21sec advisory s21sec-004 at: http://www.s21sec.com/en/avisos/s21sec-004-en.txt

The other vulnerability discussed in the S21sec advisory is described in Sun Alert 57400.

This issue is also described in Sun Security Bulletin #00196 at: http://sunsolve.sun.com/pub-cgi/secBulletin.pl


Contributing Factors

This issue can occur in the following releases:

SPARC

  • AnswerBook2 Documentation Server Version 1.4.1 or earlier
  • AnswerBook2 Documentation Server Version 1.4.2 without patch 110011-02

x86 Platform

  • AnswerBook2 Documentation Server Version 1.4.1 or earlier
  • AnswerBook2 Documentation Server Version 1.4.2 without patch 110012-02

Notes:

  1. AnswerBook2 is no longer supported as of Solaris 9, and thus Solaris 9 is not affected.
  2. AnswerBook2 Documentation Server version 1.4.2 first shipped with Solaris 8.
  3. AnswerBook2 Documentation Server versions 1.4.3 and later are not affected by this issue.

To determine the version of the currently installed AnswerBook2 Server, run the following command:

    $ grep SUNW_PRODVERS /var/sadm/pkg/SUNWab2[rsu]/pkginfo
    /var/sadm/pkg/SUNWab2r/pkginfo:SUNW_PRODVERS=1.4.2
    /var/sadm/pkg/SUNWab2s/pkginfo:SUNW_PRODVERS=1.4.2
    /var/sadm/pkg/SUNWab2u/pkginfo:SUNW_PRODVERS=1.4.2
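The version check above only tells you the SUNW_PRODVERS value; whether a 1.4.2 server is actually affected also depends on the platform and on whether the relevant patch (110011-02 on SPARC, 110012-02 on x86) is installed. The following script is an added example, not part of the Sun Alert: it combines the grep output with the patch list from showrev -p and the architecture from uname -p and classifies the host according to the Contributing Factors and Resolution sections. The pkginfo and showrev output embedded in it is constructed sample data so the script runs offline; the "Patch: ID ..." line format for showrev -p and the "sparc"/"i386" values for uname -p are assumptions about Solaris 8 that you should confirm on your own system.

```shell
#!/bin/sh
# Added example, not part of the Sun Alert: classify an AnswerBook2 (AB2) server
# against the "Contributing Factors" above. The pkginfo and showrev(1M) output
# below is constructed sample data so the script runs offline; on a live host
# feed it the real output of
#   grep SUNW_PRODVERS /var/sadm/pkg/SUNWab2[rsu]/pkginfo
#   showrev -p
#   uname -p          (assumed to print "sparc" or "i386")

# vercmp A B: compare dotted version strings numerically; prints -1, 0 or 1.
# Missing components count as 0, so 1.4 equals 1.4.0.
vercmp() {
  a=$1; b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%%.*}; y=${b%%.*}
    if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
    if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
    x=${x:-0}; y=${y:-0}
    if [ "$x" -lt "$y" ]; then printf '%s\n' -1; return; fi
    if [ "$x" -gt "$y" ]; then printf '%s\n' 1; return; fi
  done
  printf '%s\n' 0
}

# ab2_version TEXT: TEXT is the grep output shown in the alert. Prints the
# SUNW_PRODVERS value, "not-installed" if no AB2 package is present, or "mixed"
# if SUNWab2r/s/u disagree (a half-finished upgrade; treat as suspect).
ab2_version() {
  vers=$(printf '%s\n' "$1" | sed -n 's/.*SUNW_PRODVERS=//p' | sort -u)
  if [ -z "$vers" ]; then printf 'not-installed\n'; return 1; fi
  n=$(printf '%s\n' "$vers" | wc -l | tr -d ' ')
  if [ "$n" -ne 1 ]; then printf 'mixed\n'; return 1; fi
  printf '%s\n' "$vers"
}

# installed_patches TEXT: pull patch IDs (e.g. 110011-02) out of showrev -p output.
installed_patches() {
  printf '%s\n' "$1" | awk '$1 == "Patch:" { print $2 }'
}

# has_patch WANT LIST: true if LIST contains WANT's base ID at WANT's revision
# or a later one (a later revision of the same patch supersedes the earlier fix).
has_patch() {
  base=${1%-*}; minrev=${1#*-}
  for p in $2; do
    if [ "${p%-*}" = "$base" ] && [ "${p#*-}" -ge "$minrev" ]; then return 0; fi
  done
  return 1
}

# ab2_status ARCH VERSION PATCHES: prints vulnerable, patched or not-affected,
# following the Contributing Factors and Resolution sections of this alert.
ab2_status() {
  arch=$1; ver=$2; patches=$3
  case "$arch" in
    sparc) fix=110011-02 ;;
    i386)  fix=110012-02 ;;
    *)     printf 'unknown-arch\n'; return 2 ;;
  esac
  if [ "$(vercmp "$ver" 1.4.2)" -lt 0 ]; then
    printf 'vulnerable\n'     # 1.4.1 or earlier: no patch exists, upgrade to 1.4.2 first
  elif [ "$(vercmp "$ver" 1.4.2)" -gt 0 ]; then
    printf 'not-affected\n'   # 1.4.3 and later
  elif has_patch "$fix" "$patches"; then
    printf 'patched\n'
  else
    printf 'vulnerable\n'     # 1.4.2 without the platform's -02 patch
  fi
}

# --- constructed sample data (not captured from a real host) ---
SAMPLE_PKGINFO='/var/sadm/pkg/SUNWab2r/pkginfo:SUNW_PRODVERS=1.4.2
/var/sadm/pkg/SUNWab2s/pkginfo:SUNW_PRODVERS=1.4.2
/var/sadm/pkg/SUNWab2u/pkginfo:SUNW_PRODVERS=1.4.2'
SAMPLE_SHOWREV='Patch: 108528-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 110011-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWab2u'

ver=$(ab2_version "$SAMPLE_PKGINFO")
pl=$(installed_patches "$SAMPLE_SHOWREV")
printf 'sparc AB2 %s: %s\n' "$ver" "$(ab2_status sparc "$ver" "$pl")"   # patched
printf 'i386  AB2 %s: %s\n' "$ver" "$(ab2_status i386  "$ver" "$pl")"   # vulnerable
```

On a real system replace the two SAMPLE_ variables with `$(grep SUNW_PRODVERS /var/sadm/pkg/SUNWab2[rsu]/pkginfo)` and `$(showrev -p)`, and pass `$(uname -p)` as the first argument to ab2_status. The patch check accepts any later revision of the same patch ID, since Sun patch revisions are cumulative; the version check deliberately reports 1.4.1 and earlier as vulnerable even when a patch ID is present, matching Note 1 of the Resolution section.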

Symptoms

There are no predictable symptoms that would show the described issue has been exploited to execute arbitrary commands with the privileges of the AnswerBook2 daemon on a system.


Workaround

Sites which have configured AnswerBook2 Documentation Servers may wish to disable AB2 and instead refer to Sun documentation at the Sun Product Documentation web site at: http://docs.sun.com or view the documentation on the Solaris Documentation CD.

To disable the AnswerBook2 Documentation Server, the following commands can be run as the root user:

    # /usr/lib/ab2/bin/ab2admin -o stop
    # /usr/lib/ab2/bin/ab2admin -o autostart_no

Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Upgrade to AnswerBook2 Documentation Server version 1.4.2 with patch 110011-02

x86 Platform

  • Upgrade to AnswerBook2 Documentation Server version 1.4.2 with patch 110012-02

Notes:

  1. Sites with AnswerBook2 Documentation Server version 1.4.1 or earlier need to first upgrade AnswerBook2 to version 1.4.2 before applying the above patches.
  2. AnswerBook2 Documentation Server version 1.4.2 is available for download at: http://www.sun.com/software/ab2


Modification History
Date: 15-OCT-2003
  • Updated: Contributing Factors, Symptoms, Relief/Workaround, and Resolution sections


Product
AnswerBook2 Documentation Server 1.4
