GEN:SID 1:804
Message WEB-CGI SWSoft ASPSeek Overflow attempt
Summary This event is generated when an attempt is made to exploit a buffer
overflow vulnerability in SWSoft ASPSeek search engine software.
Impact Arbitrary code execution.
Detailed Information SWSoft ASPSeek search engine software contains a buffer overflow
vulnerability where, if a sufficiently long string is sent to the s.cgi
script using the template (tmpl) variable, a buffer overflow condition
can occur. This may allow the execution of arbitrary code.
Affected Systems All Apache web servers running SWSoft ASPSeek 1.0.3 and earlier are
vulnerable.
Attack Scenarios An attacker can send a crafted query to the s.cgi script, creating a
buffer overflow condition. This could then allow the attacker to execute
arbitrary code from the system's command shell.
Ease of Attack Simple. Exploits exist.
Corrective Action Upgrade to SWSoft ASPSeek 1.04 or later.
Additional References Bugtraq
http://www.securityfocus.com/bid/2492

CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0476
Rule References bugtraq: 2492
cve: 2001-0476