GEN:SID | 1:1196 |
Message | WEB-CGI SGI InfoSearch fname attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in the IRIX infosrch.cgi web application.
|
Impact | Execution of code of the attacker's choosing is possible.
|
Detailed Information | SGI IRIX 6.5 through 6.5.7 ships with a web application called InfoSearch that is vulnerable to a remote execution attack.
An attacker may have abused the infosrch.cgi web application that ships with IRIX 6.5 to remotely execute arbitrary commands as the webserver user.
|
Affected Systems | SGI IRIX 6.5 to 6.5.7 |
Attack Scenarios | An attacker uses an existing, publicly known exploit script, or sends a simple, handcrafted URL to the webserver such as: http://target/cgi-bin/infosrch.cgi?cmd=getdoc&db=man&fname=|/bin/id
|
Ease of Attack | Simple. Exploits exist.
|
Corrective Action | Examine the packet to determine whether malicious code, such as Unix shell commands, was contained in the fname HTTP GET variable. If it looks like it may have been malicious code, determine whether the targeted web server was running a vulnerable version of IRIX.
Upgrade to the latest non-affected version of the product.
Apply the appropriate vendor supplied patches.
|
Additional References | |
Rule References | arachnids: 290
bugtraq: 1031
cve: 2000-0207
|
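
One way to carry out the examination described under Corrective Action against web server logs, as an added example that is not part of the original rule documentation: it flags infosrch.cgi requests whose percent-decoded fname value contains shell metacharacters. The access-log format, the metacharacter set, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: characters treated as shell metacharacters in a file name.
SHELL_META = re.compile(r"[|;&`$<>]")

# Assumption: Apache-style access log with the request line in double quotes.
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')


def triage_line(line):
    """Return (uri, suspicious fname values) for a flagged line, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    uri = m.group(1)
    parts = urlsplit(uri)
    if not parts.path.lower().endswith("/infosrch.cgi"):
        return None
    # parse_qs percent-decodes values, so an encoded %7C is compared as '|'.
    params = parse_qs(parts.query, keep_blank_values=True)
    bad = [v for v in params.get("fname", []) if SHELL_META.search(v)]
    return (uri, bad) if bad else None


def triage(lines):
    """Collect every flagged request from an iterable of log lines."""
    return [hit for hit in map(triage_line, lines) if hit]


# Constructed sample log lines (documentation address range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2000:10:01:02 +0000] "GET /cgi-bin/infosrch.cgi'
    '?cmd=getdoc&db=man&fname=|/bin/id HTTP/1.0" 200 312',
    '192.0.2.11 - - [12/Mar/2000:10:01:09 +0000] "GET /cgi-bin/infosrch.cgi'
    '?cmd=getdoc&db=man&fname=%7C/bin/id HTTP/1.0" 200 312',
    '192.0.2.12 - - [12/Mar/2000:10:02:30 +0000] "GET /cgi-bin/infosrch.cgi'
    '?cmd=getdoc&db=man&fname=/usr/share/catman/u_man/cat1/ls.z HTTP/1.0" 200 5120',
    '192.0.2.13 - - [12/Mar/2000:10:03:44 +0000] "GET /index.html?fname=|x'
    ' HTTP/1.0" 200 100',
]

if __name__ == "__main__":
    for uri, values in triage(SAMPLE_LOG):
        print("suspicious fname", values, "in", uri)
```

A flagged request only shows that an attempt was made; whether it succeeded still depends on the IRIX version and patch level of the targeted host.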