Entercept Ricochet Advisory: Sun Solaris KCMS Library Service Daemon Arbitrary File Retrieval Vulnerability


Date: Wed, 22 Jan 2003 10:50:30 -0800
From: Entercept Ricochet Team <[email protected]>
To: [email protected],
Subject: Entercept Ricochet Advisory: Sun Solaris KCMS Library Service Daemon Arbitrary File Retrieval Vulnerability

*******ENTERCEPT RICOCHET ADVISORY*******

Date: Wednesday, January 22, 2003
Issue: KCMS Library Service Daemon Arbitrary File Retrieval Vulnerability
http://www.entercept.com/news/uspr/01-22-03.asp

Vulnerability Description:

Kodak Color Management System (KCMS) is an API that provides color management
functions for different devices and color spaces. The kcms_server is a daemon
that allows the KCMS library functions to access profiles on remote machines.
The profiles can be remotely read and are located under the directories
/etc/openwin/devdata/profiles and /usr/openwin/etc/devdata/profiles.

There exists a directory traversal condition within the KCS_OPEN_PROFILE
procedure that can lead to remote retrieval of any file on the operating
system since the kcms_server runs with root privileges. Although certain
checks to prevent directory traversal attempts are present in the open
profile procedure call, they are inadequate and can be bypassed by utilizing
the ToolTalk Database Server's TT_ISBUILD procedure call.
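
One way a file-serving daemon can confine a requested profile name to its profile directory, as an added example (not code from the advisory and not Sun's fix): resolve the path first, then compare it with the resolved root. The function names, the temporary directory tree and the request strings are constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: returns 1 and fills resolved[] only if `name`, taken
 * relative to `root`, canonicalizes to a regular file located under `root`. */
int profile_allowed(const char *root, const char *name, char resolved[PATH_MAX])
{
    char canon_root[PATH_MAX], joined[2 * PATH_MAX];
    struct stat st;
    size_t n;
    int len;

    if (name[0] == '\0' || name[0] == '/') return 0;      /* relative names only */
    if (realpath(root, canon_root) == NULL) return 0;
    len = snprintf(joined, sizeof joined, "%s/%s", canon_root, name);
    if (len < 0 || (size_t)len >= sizeof joined) return 0;
    /* realpath() collapses "..", "." and symbolic links, so the comparison
     * below sees the file that would actually be opened. */
    if (realpath(joined, resolved) == NULL) return 0;
    n = strlen(canon_root);
    if (strncmp(resolved, canon_root, n) != 0 || resolved[n] != '/') return 0;
    return stat(resolved, &st) == 0 && S_ISREG(st.st_mode);
}

/* Builds a constructed tree under /tmp (left in place for inspection) and
 * returns a bit mask: bit i is set when reqs[i] was allowed. */
int demo(void)
{
    char base[] = "/tmp/kcmsdemoXXXXXX", root[64], p[PATH_MAX], out[PATH_MAX];
    const char *reqs[] = { "ok.icm", "../secret", "sub/../../secret", "link/secret", "/etc/passwd" };
    int bits = 0; size_t i; FILE *f;

    if (mkdtemp(base) == NULL) return -1;
    snprintf(root, sizeof root, "%s/profiles", base);
    if (mkdir(root, 0700) != 0) return -1;
    snprintf(p, sizeof p, "%s/sub", root);    if (mkdir(p, 0700) != 0) return -1;
    snprintf(p, sizeof p, "%s/ok.icm", root); if ((f = fopen(p, "w"))) fclose(f);
    snprintf(p, sizeof p, "%s/secret", base); if ((f = fopen(p, "w"))) fclose(f);
    snprintf(p, sizeof p, "%s/link", root);   if (symlink(base, p) != 0) return -1;
    for (i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        if (profile_allowed(root, reqs[i], out)) bits |= 1 << i;
    return bits;                               /* only bit 0 (ok.icm) is set */
}

int main(void) { printf("allowed mask: 0x%x\n", demo()); return 0; }
```

The check only holds if the path opened afterwards is the resolved one, so pass `resolved`, not the client-supplied name, to the open call.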

Vendors Affected:
- Sun Microsystems Inc.

Vulnerable Platforms:
- Sun Solaris/Sparc 2.5, 2.6, 7, 8, 9
- Sun Solaris/x86 2.5, 2.6, 7, 8, 9

Vendor Information/CERT Information:

Entercept worked directly with Sun Microsystems Inc. and CERT (Computer
Emergency Response Team), providing the technical details necessary to develop
patches and coordinate security advisories. The CERT advisory will be available
at: http://www.kb.cert.org/vuls/id/850785

Acknowledgement/Information Resources:

This vulnerability was discovered and researched by Sinan Eren of the Entercept
Ricochet Team.

ABOUT ENTERCEPT RICOCHET:
Entercept's Ricochet team is a specialized group of security researchers
dedicated to identifying, assessing, and evaluating intelligence regarding
server threats.
The Ricochet team researches current and future avenues of attack and builds
this knowledge into Entercept's intrusion prevention solution. Ricochet is
dedicated to providing critical, viable security content via security
advisories and technical briefs. This content is designed to educate
organizations and security professionals about the nature and severity of
Internet security threats, vulnerabilities and exploits. Copyright Entercept
Security Technologies. All rights reserved. Entercept and the Entercept logo
are trademarks of Entercept Security Technologies. All other trademarks, trade
names or service marks are the property of their respective owners.

DISCLAIMER STATEMENT:
The information in this bulletin is provided by Entercept Security Technologies,
Inc. ("Entercept") and is intended to provide information on a particular
security issue or incident. Given that each exploitation technique is unique,
Entercept makes no claim to prevent any specific exploit related to the
vulnerability discussed in this bulletin. Entercept expressly disclaims any and
all warranties with respect to the information provided in this bulletin,
express or implied or otherwise, including, but not limited to, warranty of
fitness for a particular purpose. Under no circumstances may this information
be used to exploit vulnerabilities in any other environment.
http://www.entercept.com/news/uspr/01-22-03.asp
###
