4879141 2000-03-09  07:05  /57 rader/ Brevbäraren (som är implementerad i) Python
Mottagare: Bugtraq (import) <10157>
Ärende: [SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities
------------------------------------------------------------
__________________________________________________________

       S.A.F.E.R. Security Bulletin 000309.EXP.1.4
__________________________________________________________


TITLE     : Vulnerabilities in StarScheduler
DATE      : March 09, 2000
NATURE    : Denial-of-Service, Remote Code Execution, Access to
privileged files
PLATFORMS : StarScheduler/StarOffice 5.1

DETAILS:

StarOffice comes with a nice groupware server, called
StarScheduler. It also includes a web server that is vulnerable to
several security problems.

PROBLEM:

A buffer overflow exists in the StarScheduler web server (which
listens on port 801), that can lead to remote execution of code and
root access.  Since the server dies, this is also a Denial-of-Service
issue. The problem is in the way web server handles long requests.

Sending a "GET /['A' x 933] HTTP/1.0" will crash the server. This web
server is running as a root.

Another silly problem exists in the server that allows any user to
gain read access to files to which they normally don't have access
to.  Example:

http://starscheduler_server:801/../../../../etc/shadow

This will display the content of the /etc/shadow file.

FIXES:

No fixes are available yet. Sun has been contacted on 6th of February,
but we have received no response from them.

JOB OFFERS:

The Relay Group is seeking security enthusiasts with a vast experience
in intrusion testing, firewall/IDS configuration and other
security-related fields. For more information, please visit:

http://relaygroup.com/secjobs.html

___________________________________________________________

    S.A.F.E.R. - Security Alert For Entreprise Resources
           Copyright (c) 2000  The Relay Group
  http://www.safermag.com ----  security@relaygroup.com
___________________________________________________________
(4879141) ------------------------------------------(Ombruten)