GEN:SID | 1:2052 |
Message | WEB-CGI overflow.cgi access |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in Sun Cobalt RaQ server appliances.
|
Impact | Execution of code and possible root compromise of the system.
|
Detailed Information | A vulnerability in the security hardening package for Sun Cobalt RaQ 4 and RaQ 3 running RaQ 4 does not filter user input to the email variable in the overflow.cgi script correctly.
POST requests to the script may contain code in the email variable which will then be processed with the privilege of the super user on the system.
|
Affected Systems | Sun Cobalt RaQ 4 Server Appliances with the Security Hardening Package installed Sun Cobalt RaQ 3 Server Appliances running the RaQ 4 build with the Security Hardening Package installed
|
Attack Scenarios | An attacker can supply his own POST request to the overflow.cgi script that contains code he wishes to run.
An exploit is also available.
|
Ease of Attack | Simple
|
Corrective Action | Apply the appropriate vendor fixes.
|
Additional References | CERT: http://www.kb.cert.org/vuls/id/810921 http://www.cert.org/advisories/CA-2002-35.html
|
Rule References | bugtraq: 6326
cve: 2002-1361
nessus: 11190
url: www.cert.org/advisories/CA-2002-35.html
|