GEN:SID 1:2200
Message WEB-CGI dnewsweb.cgi access
Summary This event is generated when an attempt is made to access dnewsweb.cgi on an internal web server. This may indicate an attempt to exploit a buffer overflow vulnerability in NetWin DNews News Server 5.3.
Impact Remote execution of arbitrary code, possibly leading to remote root compromise.
Detailed Information NetWin DNews News is a web-based application that manages remote access to Internet newsgroups. When overly long arguments are used as arguments to some dnewsweb.cgi parameters (including but not limited to "group," "cmd," and "utag"), a buffer overflow condition may occur. This can lead to the remote execution of arbitrary code with the security context of DNews.
Affected Systems Any operating system running NetWin DNews News Server 5.3 or lower.
Attack Scenarios An attacker transmits an overly long, specially crafted URL to the vulnerable DNews server, causing a buffer overflow condition. The attacker is then able to execute arbitrary code on the server with the security context of DNews.
Ease of Attack Simple. An exploit exists.
Corrective Action Upgrade to DNews News Server 5.4 or higher.
Additional References Bugtraq
http://www.securityfocus.com/bid/1172
Rule References bugtraq: 1172
bugtraq: 4579
cve: 2000-0423
nessus: 11748