GEN:SID 1:2127
Message WEB-CGI ikonboard.cgi a103
Summary This event is generated when an attempt is made to access ikonboard.cgi
on a web server. This may indicate an attempt to exploit an arbitrary
code execution vulnerability that affects Ikonboard web-based bulletin
board software.
Impact Arbitrary code execution.
Detailed Information This event indicates that an attempt has been made to exploit an
arbitrary code execution vulnerability in Ikonboard web-based bulletin
board software. An attacker can bypass user input validation by
inserting illegal characters into the "lang" value of a user cookie,
which then allows the attacker to pass arbitrary Perl code to the web
server.
Affected Systems Any web server running Ikonboard bulletin board software.
Attack Scenarios An attacker can provide a crafted cookie to the web server running
Ikonboard. The web server will then attempt to execute the arbitrary
Perl commands embedded in the cookie.
Ease of Attack Simple. A proof of concept exists.
Corrective Action An unsupported and unofficial patch is available at http://www.securityfocus.com/bid/7361/solution/.

Check the host for signs of compromise.
Additional References Bugtraq
http://www.securityfocus.com/bid/7361

Nessus
http://cgi.nessus.org/plugins/dump.php3?id=11605
Rule References Error: Unknown reference type: BACKDOOR subseven 22
arachnids: 485
url: www.hackfix.org/subseven/