GEN:SID | 1:2127 |
Message | WEB-CGI ikonboard.cgi a103 |
Summary | This event is generated when an attempt is made to access ikonboard.cgi on a web server. This may indicate an attempt to exploit an arbitrary code execution vulnerability that affects Ikonboard web-based bulletin board software.
|
Impact | Arbitrary code execution.
|
Detailed Information | This event indicates that an attempt has been made to exploit an arbitrary code execution vulnerability in Ikonboard web-based bulletin board software. An attacker can bypass user input validation by inserting illegal characters into the "lang" value of a user cookie, which then allows the attacker to pass arbitrary Perl code to the web server.
|
Affected Systems | Any web server running Ikonboard bulletin board software.
|
Attack Scenarios | An attacker can provide a crafted cookie to the web server running Ikonboard. The web server will then attempt to execute the arbitrary Perl commands embedded in the cookie.
|
Ease of Attack | Simple. A proof of concept exists.
|
Corrective Action | An unsupported and unofficial patch is available at http://www.securityfocus.com/bid/7361/solution/.
Check the host for signs of compromise.
|
Additional References | Bugtraq http://www.securityfocus.com/bid/7361
Nessus http://cgi.nessus.org/plugins/dump.php3?id=11605
|
Rule References | Error: Unknown reference type: BACKDOOR subseven 22
arachnids: 485
url: www.hackfix.org/subseven/
|