GEN:SID | 1:2670 |
Message | WEB-CGI pgpmail.pl access |
Summary | This event is generated when an attempt is made to access the file pgpmail.pl.
|
Impact | Possible unauthorized administrative access to the victim host.
|
Detailed Information | The script pgpmail.pl does not properly sanitize user-supplied input. This may allow an attacker to run commands of their choosing on the victim host with the privileges of the user running the web server.
|
Affected Systems | pgpmail versions up to and including 3.6
|
Attack Scenarios | An attacker can supply arbitrary commands to the pgpmail.pl script.
|
Ease of Attack | Simple
|
Corrective Action | Uninstall the script pgpmail.pl.
Only allow usage by authenticated users.
|
Additional References | |
Rule References | cve: 2001-0937
nessus: 11070
|