GEN:SID 1:1455
Message WEB-CGI calendar.pl access
Summary This event is generated when an attempt is made to access a web
application that may lead to exploitation of the application.
Impact Potentially harmful execution of binaries through the Perl open() function.
Detailed Information An open source calendar Perl script by Matt Kruse allows commands to be executed because input is passed to the Perl open() function without verification. For example, placing the string "|ping 127.0.0.1|" in the configuration file field of /cgi-bin/calendar.pl executes the command "ping 127.0.0.1".
Affected Systems Any web server running the application.
Attack Scenarios An unauthenticated user can execute arbitrary programs on the server by accessing calendar.pl and inputting commands such as "|mail /etc/passwd|" into the configuration file field.
Ease of Attack Simple. No exploit software required.
Corrective Action Download a newer version of the CGI script.
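
Added example, not part of the original rule documentation: because this event fires on any access to calendar.pl, the Python below triages web access-log lines, separating plain access from requests whose decoded parameter value starts or ends with "|", the pattern described under Detailed Information. It assumes the field arrives in a GET query string visible in the access log; the parameter name `config` and all log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (sample data, not from a real server).
# The parameter name "config" is an assumption; the rule documentation
# only refers to "the configuration file field".
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /cgi-bin/calendar.pl HTTP/1.0" 200 512
192.0.2.11 - - [01/Jan/2001:10:00:05 +0000] "GET /cgi-bin/calendar.pl?config=default.cfg HTTP/1.0" 200 734
192.0.2.12 - - [01/Jan/2001:10:00:09 +0000] "GET /cgi-bin/calendar.pl?config=%7Cping%20127.0.0.1%7C HTTP/1.0" 200 90
192.0.2.13 - - [01/Jan/2001:10:00:12 +0000] "GET /cgi-bin/Calendar.PL?config=+%7cping+127.0.0.1 HTTP/1.0" 200 90
192.0.2.14 - - [01/Jan/2001:10:00:20 +0000] "GET /index.html?q=a%7Cb HTTP/1.0" 200 2048
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def classify(line):
    """Return (client, verdict), or None if the line does not touch calendar.pl."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    if not url.path.lower().endswith("/calendar.pl"):
        return None
    # parse_qsl percent-decodes values and turns "+" into a space.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        # Two-argument open() ignores surrounding whitespace, then treats a
        # leading or trailing "|" as a request to run a command.
        v = value.strip()
        if v.startswith("|") or v.endswith("|"):
            return client, "pipe-open:" + name
    return client, "access-only"


def triage(log_text):
    """Classify every log line that requests calendar.pl."""
    return [r for r in map(classify, log_text.splitlines()) if r]


if __name__ == "__main__":
    for client, verdict in triage(SAMPLE_LOG):
        print(client, verdict)
```

Fields submitted in a POST body do not appear in a standard access log, so an "access-only" verdict on a POST request is not evidence that the request was benign.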
Additional References CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0432

Bugtraq:
http://online.securityfocus.com/bid/1215
Rule References bugtraq: 1215
cve: 2000-0432