Sun Security Kit Leaves Holes in RaQ4 Servers

By N-Stalker Team on January 29, 2009

Security patches aren’t supposed to create new vulnerabilities, but that’s precisely what happened with Sun’s Security Hardening Package (SHP) for the company’s popular line of Cobalt RaQ 4 Server Appliances. The package includes a script called overflow.cgi that does not properly filter user input, allowing an attacker to execute arbitrary commands with superuser privileges. Sun’s only solution is to remove SHP, and they are offering a patch to facilitate this procedure. Exploits for this vulnerability are already available, so be sure to act quickly. For more information, see CERT advisory CA-2002-35.

(N-Stalker Security Force)
