Nessus Plugin #10779
Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.
CGIEmail's CGICso (Send CSO via CGI) Command Execution Vulnerability
- Family: CGI abuses
- Category: infos
- Copyright: This script is Copyright (C) 2001 SecurITeam
- Summary: Determine if a remote host is vulnerable to the cgicso vulnerability
- Version: $Revision: 1.14 $
- Cve_id: -
- Bugtraq_id: 6141
- Xrefs: -
- Description:
The remote host seems to be vulnerable to a security problem in
CGIEmail (cgicso). The vulnerability is caused by inadequate processing
of queries by CGIEmail's cgicso and results in a command execution
vulnerability.
Impact:
The server can be compromised by executing commands as the web server's
running user (usually 'nobody').
Solution:
Modify cgicso.h to contain a strict setting of your finger host.
Example:
Define the following in cgicso.h:
#define CGI_CSO_HARDCODE
#define CGI_CSO_FINGERHOST "localhost"
Risk factor : High
Generated on 27.04.2005 at 18:49:54.