|
Title
|
Global Hauri ViRobot Server Cookie Overflow Exploit
|
|
ID
|
SYBSEC-ADV07
|
|
Severity
|
HIGH - Local Buffer Overflow
|
|
History
|
05.AUG.2003 Vulnerability discovered
15.AUG.2003 Vendor contacted
|
|
Scope
|
Local Buffer Overflow
|
|
Platforms
|
ViRobot Linux Server
|
|
Author
|
|
|
URL
|
http://www.sybsecurity.com/advisors/SYBSEC-ADV07-Global_Hauri_ViRobot_Server_Cookie_Overflow_Exploit
|
|
Release
|
Public
|
|
Overview
|
HAURI, Inc. is a leading anti-virus solution provider in the global market.
The "ViRobot" which was developed exclusively by HAURI, is an excellent and
powerful anti-virus that uses a unique type of detection engine technology
to detect the latest viruses and to repair files infected with those viruses.
The HAURI anti-virus technology is regarded highly in Korea and has received
rave reviews from all over the world.
|
|
Affected versions
|
The vulnerability has been reported in versions Hauri
Hauri ViRobot Linux Server 2.0
|
|
Description
|
During our trial run we found that the /usr/local/ViRobot/cgi-bin/addschup binary
is vulnerable to a trivial remote expoit. In order to explain the bug we can make
use of multiple exported variables to simulate a remote request. Below we show
the environmental conditions necessary to exploit addschup remotely.
|
|
Workaround
|
|
|
Acknowledgments
|
|
|
References
|
|
|
Details
|
During our trial run we found that the /usr/local/ViRobot/cgi-bin/addschup binary
is vulnerable to a trivial remote expoit. In order to explain the bug we can make
use of multiple exported variables to simulate a remote request. Below we show
the environmental conditions necessary to exploit addschup remotely.
The fact that addschup is setuid helps make this both a local and remote root.
jdam:/usr/local/ViRobot/cgi-bin# ls -al addschup
-rwsr-sr-x 1 root staff 26484 2005-01-05 01:30 addschup.
|
|
Exploit tool
|
|
Buscar
