what you don't know can hurt you

safer.000309.EXP.1.4

safer.000309.EXP.1.4
Posted Mar 8, 2000
Site safermag.com

S.A.F.E.R. Security Bulletin 000309.EXP.1.4 - StarOffice comes with a nice groupware server, called StarScheduler, which includes a web server that is vulnerable to several security problems, leading to remote code exection and root access.

tags | remote, web, root
MD5 | 7638b30db584cbbd94e068974d39ef42

safer.000309.EXP.1.4

Change Mirror Download
__________________________________________________________

S.A.F.E.R. Security Bulletin 000309.EXP.1.4
__________________________________________________________


TITLE : Vulnerabilities in StarScheduler
DATE : March 09, 2000
NATURE : Denial-of-Service, Remote Code Execution, Access to
privileged files
PLATFORMS : StarScheduler/StarOffice 5.1

DETAILS:

StarOffice comes with a nice groupware server, called StarScheduler. It
also includes a web server that is vulnerable to several security
problems.

PROBLEM:

A buffer overflow exists in the StarScheduler web server (which listens
on port 801), that can lead to remote execution of code and root access.
Since the server dies, this is also a Denial-of-Service issue. The
problem is in the way web server handles long requests.

Sending a "GET /['A' x 933] HTTP/1.0" will crash the server. This web
server is running as a root.

Another silly problem exists in the server that allows any user to gain
read access to files to which they normally don't have access to.
Example:

http://starscheduler_server:801/../../../../etc/shadow

This will display the content of the /etc/shadow file.

FIXES:

No fixes are available yet. Sun has been contacted on 6th of February,
but we have received no response from them.

JOB OFFERS:

The Relay Group is seeking security enthusiasts with a vast experience
in intrusion testing, firewall/IDS configuration and other
security-related fields. For more information, please visit:

http://relaygroup.com/secjobs.html

___________________________________________________________

S.A.F.E.R. - Security Alert For Entreprise Resources
Copyright (c) 2000 The Relay Group
http://www.safermag.com ---- security@relaygroup.com
___________________________________________________________

Login or Register to add favorites

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close