A remote overflow exists in WorldView on IRIX. The jserver fails to validate input, resulting in a buffer overflow. With a specially crafted request, such as a long string with a Wnn command (JS_OPEN, JS_MKDIR or JS_FILE_INFO), an attacker can execute arbitrary shellcode as root, resulting in a loss of integrity.
Classification
Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified
Solution
The steps below can be used to minimize exposure to the WorldView vulnerability (translated from Japanese).
1) Become the root user on the system.
% /bin/su -
Password:
#
2) Verify WorldView is installed. Only systems that have WorldView installed are vulnerable.
# versions -b
I WorldView_base_jp 05/06/1998 WorldView Base Japanese 6.5
I WorldView_books_jp 05/06/1998 WorldView Books: Japanese 6.5
I WorldView_fonts_jp1 05/06/1998 WorldView Fonts Japanese, 6.5
I WorldView_japanese 05/06/1998 WorldView Japanese 6.5
3) If WorldView is not currently needed, disable the jserver.
# chkconfig jserver off
Note: This will disable Japanese character input support.
4) Add the following lines to the files /etc/passwd and /etc/group with a text editor like vi.
/etc/passwd:
wnn:*:127:127:Wnn System Account:/usr/lib/wnn6:/bin/sh
/etc/group:
wnn:*:127
5) Change the owner of the Wnn-related files.
# chown -R wnn.sys /usr/bin/Wnn6
# chown -R wnn.sys /usr/lib/wnn6
6) Verify that the file ownership changes have been made.
# ls -ls /usr/bin/Wnn6/jserver
1136 -r-sr-xr-x 1 wnn sys 578660
# ls -ls /usr/lib/wnn6/serverdefs
8 -rw-r--r-- 1 wnn sys 662
7) Reboot the system.
# reboot
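
Added example, not part of the original advisory: a POSIX shell check of the end state of steps 4 to 6, run here over constructed sample data. The function names, the extra passwd/group sample lines, the date and file name fields in the ls lines, and the root-owned "before" line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audits the result of steps 4-6. All sample data is constructed.

# account_ok FILE: passwd-format FILE has user wnn with uid 127 and gid 127,
# matching the entry added in step 4.
account_ok() {
    awk -F: '$1=="wnn" && $3=="127" && $4=="127" {ok=1} END {exit !ok}' "$1"
}

# group_ok FILE: group-format FILE has group wnn with gid 127 (step 4).
group_ok() {
    awk -F: '$1=="wnn" && $3=="127" {ok=1} END {exit !ok}' "$1"
}

# ls_verdict LINE: classify one `ls -ls` line (blocks mode links owner group ...).
#   OK           owner and group are wnn and sys, as shown in step 6
#   SETUID-ROOT  setuid bit set and owner root: runs with root's effective uid
#   WRONG-OWNER  anything else
ls_verdict() {
    echo "$1" | awk '{
        mode = $2; owner = $4; group = $5
        if (owner == "wnn" && group == "sys") print "OK"
        else if (owner == "root" && substr(mode, 4, 1) ~ /[sS]/) print "SETUID-ROOT"
        else print "WRONG-OWNER"
    }'
}

# demo: run the checks over constructed files and ls lines.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/:/bin/sh' \
        'wnn:*:127:127:Wnn System Account:/usr/lib/wnn6:/bin/sh' > "$tmp/passwd"
    printf '%s\n' 'sys::0:root' 'wnn:*:127' > "$tmp/group"
    account_ok "$tmp/passwd" && echo "passwd entry: OK"
    group_ok "$tmp/group" && echo "group entry: OK"
    echo "before chown: $(ls_verdict '1136 -r-sr-xr-x 1 root sys 578660 Jan  1  1999 jserver')"
    echo "after chown:  $(ls_verdict '1136 -r-sr-xr-x 1 wnn sys 578660 Jan  1  1999 jserver')"
    rm -rf "$tmp"
}
demo
```

On a real system, pass /etc/passwd and /etc/group to the first two functions and feed ls_verdict the output of the ls -ls commands from step 6.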