• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Amiga MUI Internet Application Remote Command Execution Vulnerability

Severity: HIGH

Description:

Magic User Interface(MUI) is a system for creating and maintaining graphical user interfaces for the Amiga. It has been incorporated into many Amiga Internet applications. Although MUI is not specifically the source of the issue, MUI-based applications are affected.

Some MUI-based Internet Software does not sufficiently validate user-supplied input. As a result, it may be possible for a remote attacker to execute arbitrary commands on the underlying operating system of a host running MUI-based Internet software.

This is accomplished by passing escape sequences to "APIPE:" style functions, which are used to implement the Unix functionality of being able to pipe commands to the shell.

It has been reported that the majority of Amiga Internet applications which incorporate MUI are prone to this issue. Vaporware applications such as Voyager, AmIRC, etc. are reportedly not vulnerable. Additionally, the file sharing application Amster is also not vulnerable. Users are advised to contact individual vendors of MUI-based Internet applications about the possibility that their products are vulnerable and the availability of fixes.

Affected Products:

• Missing Piece Technologies AmigAIM 0.9430.0
• Missing Piece Technologies AmigAIM 0.9431.0
• Missing Piece Technologies AmigAIM 0.9432.0
• Missing Piece Technologies AmigAIM 0.9433.0
• Missing Piece Technologies AmigAIM 0.9434.0
• Missing Piece Technologies AmigAIM 0.9435.0
• Missing Piece Technologies AmigAIM 0.9436.0
• Pint Pint 2.10.0
• Pint Pint 2.7.0
• Pint Pint 2.8.0
• Pint Pint 2.9.0
• SASG Magic User Interface 3.8.0
• STR Programming Services StrICQ 0.0.00.1371
• STR Programming Services StrICQ 0.0.00.1727
• STR Programming Services StrICQ 0.0.00.1732
• SimpleMail SimpleMail 0.10.0
• SimpleMail SimpleMail 0.11.0
• SimpleMail SimpleMail 0.9.0
• Yam Yam 2.2.0
• Yam Yam 2.3.0

References:

• Abraxis: Security Advisory 2001-08-11 Escape Sequence Exploit
• Amiga.org: Major Escape Sequence Exploit In MUI
• Missing Piece Technologies: AmigAIM Homepage
• Pint: Pint Homepage
• SASG: Magic User Interface Homepage
• STR Programming Services: StrICQ Homepage
• SimpleMail: SimpleMail Homepage
• Virus Help Team Canada: ALERTS: Viruses, Worms, General Alerts & Security Issues
• Yam: Yam Homepage

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.