-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ SECURITY ADVISORY INTEXXIA(c) 30 01 2002 ID #1052-300102 ________________________________________________________________________ TITLE : AOLServer DB Proxy Daemon Format String Vulnerability CREDITS : Guillaume Pelat found this vulnerability / INTEXXIA ________________________________________________________________________
SYSTEM AFFECTED =============== AOLServer 3.4.2 AOLServer 3.4.1 AOLServer 3.4 AOLServer 3.3.1 AOLServer 3.2.1 AOLServer 3.2 AOLServer 3.1 AOLServer 3.0 ________________________________________________________________________ DESCRIPTION =========== The Laboratory intexxia found a format string vulnerability in the AOL Server external database driver proxy daemon API that could lead to a privilege escalation. ________________________________________________________________________ DETAILS ======= AOL Server provides an API to develop external database driver proxy daemons. Those daemons are linked to a library (libnspd.a). The Laboratory intexxia found a format string and a buffer overflow vulnerability in the 'Ns_PdLog' function of the library. Successful exploitation of the bug could allow an attacker to execute code and get access on the system. As a result, all the External Driver Proxy Daemons using the 'Ns_PdLog' function with the 'Error' or 'Notice' parameter are potentially vulnerable. ________________________________________________________________________ SOLUTION ======== This vulnerability has been fixed in the current version in CVS branch nsd_v3_r3_p0 (post-AOLserver 3.4.2) and can be used for any affected version. The patch used was created by intexxia and can be found in attachment. More information can be found at the following URL : http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/aolserver/aolserver/nspd/log.c.diff?r1=1.4&r2=1.4.6.1 ________________________________________________________________________ VENDOR STATUS ============= 14-03-2002 : This bulletin was sent to the developpement team. 19-03-2002 : The vendor confirmed the vulnerability and fixed it in the CVS branch nsd_v3_r3_p0 (post-AOLserver 3.4.2). ________________________________________________________________________ LEGALS ====== AOL Server is a registered trademark. Intexxia provides this information as a public service and "as is". Intexxia will not be held accountable for any damage or distress caused by the proper or improper usage of these materials. (c) intexxia 2002. This document is property of intexxia. Feel free to use and distribute this material as long as credit is given to intexxia and the author. ________________________________________________________________________ CONTACT ======= CERT intexxia [EMAIL PROTECTED] INTEXXIA http://www.intexxia.com 171, av. Georges Clemenceau Standard : +33 1 55 69 49 10 92024 Nanterre Cedex - France Fax : +33 1 55 69 78 80 -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBPLwQr02N8BNyNDXLEQK7yQCfVh/7x6yBxWKEi5iwRDaHEHuilGUAoN+u 14o6inQET/8E4GdnfqgS6Jtj =YKem -----END PGP SIGNATURE-----
SA1052-300102_aolserver-3.4.2-security-patched
Description: Binary data
SA1052-300102_aolserver-3.4.2-security-patched.sig
Description: Binary data