GEN:SID | 1:804 |
Message | WEB-CGI SWSoft ASPSeek Overflow attempt |
Summary | This event is generated when an attempt is made to exploit a buffer overflow vulnerability in SWSoft ASPSeek search engine software.
|
Impact | Arbitrary code execution.
|
Detailed Information | SWSoft ASPSeek search engine software contains a buffer overflow vulnerability where, if a sufficiently long string is sent to the s.cgi script using the template (tmpl) variable, a buffer overflow condition can occur. This may allow the execution of arbitrary code.
|
Affected Systems | All Apache web servers running SWSoft ASPSeek 1.0.3 and earlier are vulnerable.
|
Attack Scenarios | An attacker can send a crafted query to the s.cgi script, creating a buffer overflow condition. This could then allow the attacker to execute arbitrary code from the system's command shell.
|
Ease of Attack | Simple. Exploits exist.
|
Corrective Action | Upgrade to SWSoft ASPSeek 1.04 or later.
|
Additional References | Bugtraq http://www.securityfocus.com/bid/2492
CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0476
|
Rule References | bugtraq: 2492
cve: 2001-0476
|