AnswerBook Vulnerabilities

Impact

Vulnerabilities in the AnswerBook2 server (the dwhttpd daemon) could allow a remote attacker to execute arbitrary code.

Background

The AnswerBook2 Documentation Server from Sun Microsystems provides access to Sun documentation using a web browser. AnswerBook2 runs a daemon called dwhttpd.

The Problems

There are two vulnerabilities in dwhttpd. The first allows a remote attacker to create a new user account and thereby gain access to the AnswerBook2 administrative interface. With that access, the second allows arbitrary commands to be executed: the administrative interface lets log files be created, and a log file name that contains shell commands causes those commands to run.

AnswerBook2 1.4.2 (if unpatched) and earlier versions are affected by these vulnerabilities.
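
The second problem is a classic case of a file name reaching a shell. The following is an added illustration of the hardening a server should apply to an administrator-supplied log file name; it is not dwhttpd's code, and the function names, the allow-list regex and the constructed sample names are assumptions:

```python
import re
import tempfile
from pathlib import Path
from typing import Optional, Tuple

# Allow-list for an administrator-supplied log file name: a bare base name that
# starts with a letter or digit and contains only letters, digits, '.', '_', '-'.
# Shell metacharacters (; | & $ ` quotes, spaces), path separators and a leading
# '-' or '.' never match, so the name can neither be interpreted by a shell nor
# be read as a command-line option or a ".." component.
_LOG_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def is_safe_log_name(name: str) -> bool:
    """True only if `name` is a plain file name built from allow-listed characters."""
    return _LOG_NAME_RE.fullmatch(name) is not None


def create_log_file(log_dir: str, name: str) -> Optional[Path]:
    """Create an empty log file for a validated name inside log_dir.

    Returns the file's path, or None when the name is rejected. The file is
    created through the file API rather than by handing the name to a shell,
    so even a name that somehow passed validation is never executed.
    """
    if not is_safe_log_name(name):
        return None
    base = Path(log_dir).resolve()
    target = (base / name).resolve()
    # Defense in depth: the resolved path must still sit directly inside log_dir.
    if target.parent != base:
        return None
    target.touch(exist_ok=True)
    return target


def demo_in_temp_dir() -> Tuple[bool, bool, bool]:
    """Exercise create_log_file in a scratch directory with constructed names."""
    scratch = tempfile.mkdtemp()
    created = create_log_file(scratch, "admin.log")       # accepted
    injected = create_log_file(scratch, "x.log; id")      # shell metacharacters
    traversal = create_log_file(scratch, "../x.log")      # leaves the log directory
    return (created is not None and created.is_file(),
            injected is None,
            traversal is None)


if __name__ == "__main__":
    print(demo_in_temp_dir())  # (True, True, True)
```

The same allow-list check belongs on every name the administrative interface accepts from a request, and user creation behind that interface must itself require an authenticated administrator, which is the gap the first vulnerability exploits.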

Resolutions

Upgrade to a version of AnswerBook2 higher than 1.4.2 if available. Otherwise, upgrade to version 1.4.2 and apply Sun patch 110011-02 (110012-02 for x86 platforms).

Where can I read more about this?

For more information see Sun Security Bulletin #00196.