Patch-ID# 110537-01 Keywords: security answerbook2 Synopsis: AnswerBook 1.4.2_x86: HTTP GET overflow allows code execution Date: Jan/30/2001 Solaris Release: 2.5.1_x86 2.6_x86 7_x86 8_x86 SunOS Release: 5.5.1_x86 5.6_x86 5.7_x86 5.8_x86 Unbundled Product: AnswerBook2 Unbundled Release: 1.4.2 Xref: This patch available for SPARC as patch 110531 Topic: Relevant Architectures: i386 BugId's fixed with this patch: 4376027 Changes incorporated in this version: Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/lib/ab2/dweb/sunos5/bin/dwhttpd Problem Description: 4376027: an HTTP GET request can be created that overflows a buffer in dwhttpd. This allows the execution of constructed code. See the bug report for the attachment that creates a sample HTTP GET request that exploits this vulnerability. Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-8 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- The "space" file for SUNWab2u is invalid and needs to be removed before the patch can be installed. rm /var/sadm/pkg/SUNWab2u/install/space The AnswerBook2 server will need to be stopped and started after applying the patch. /usr/lib/ab2/bin/ab2admin -o stop /usr/lib/ab2/bin/ab2admin -o start README -- Last modified date: Tuesday, January 30, 2001