| VID |
21031 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Count.cgi cgi-bin program is used to record and display the number of times a WWW page has been accessed. Due to insufficient bounds checking on arguments which are supplied by users, it is possible to overwrite the internal stack space of the Count.cgi program while it is executing. By supplying a carefully designed argument to the Count.cgi program, intruders may be able to force Count.cgi to execute arbitrary commands with the privileges of the httpd process.
The Count.cgi program is extremely widely used. Sites are encouraged to check for its existence and its possible exploitation.
To check whether exploitation of this vulnerability has been attempted at your site, search for accesses to the Count.cgi program in your access logs. An example of how to do this is:
# grep -i 'Count.cgi' {WWW_HOME}/logs/access_log
Where {WWW_HOME} is the base directory for your web server.
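An added example (not part of the original advisory) that takes the grep check above one step further: it lists every Count.cgi request in a Common Log Format access log and marks those whose argument string is unusually long or carries percent-encoded non-printable bytes, since the flaw is triggered through user-supplied arguments. The function names, the 256-character threshold and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage Count.cgi hits in a Common Log Format access log.
# MAX_QUERY is an assumed threshold, not a value taken from the advisory.
MAX_QUERY=${MAX_QUERY:-256}

# Prints "client query_length verdict" for every Count.cgi request in file $1.
scan_count_cgi() {
    awk -F'"' -v max="$MAX_QUERY" '
    {
        # $2 is the quoted request line: METHOD URL PROTOCOL
        n = split($2, req, " ")
        if (n < 2) next
        url = req[2]
        if (index(tolower(url), "count.cgi") == 0) next
        q = index(url, "?")
        query = (q > 0) ? substr(url, q + 1) : ""
        # Percent-encoded bytes outside printable ASCII (%00-%1F, %7F-%FF)
        # are not expected in a hit-counter argument.
        binary = (query ~ /%([01][0-9A-Fa-f]|7[Ff]|[89A-Fa-f][0-9A-Fa-f])/)
        verdict = (length(query) > max || binary) ? "SUSPECT" : "ok"
        split($1, pre, " ")
        print pre[1], length(query), verdict
    }' "$1"
}

# Constructed sample log (documentation addresses, not real traffic).
make_sample_log() {
    long=$(awk 'BEGIN { while (i++ < 400) printf "A" }')
    {
        echo '192.0.2.10 - - [01/Nov/1997:10:00:00 +0000] "GET /cgi-bin/Count.cgi?df=index.dat HTTP/1.0" 200 512'
        echo "198.51.100.7 - - [01/Nov/1997:10:05:00 +0000] \"GET /cgi-bin/Count.cgi?df=$long HTTP/1.0\" 500 0"
        echo '198.51.100.7 - - [01/Nov/1997:10:06:00 +0000] "GET /cgi-bin/count.cgi?df=%01%ff%80 HTTP/1.0" 500 0'
        echo '192.0.2.10 - - [01/Nov/1997:10:07:00 +0000] "GET /index.html HTTP/1.0" 200 2048'
    } > "$1"
}

# Stand-alone run against the constructed sample.
log=$(mktemp)
make_sample_log "$log"
scan_count_cgi "$log"
rm -f "$log"
```

To run it against a real log, call `scan_count_cgi {WWW_HOME}/logs/access_log`; lines marked SUSPECT are candidates for manual review, not proof of compromise.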
* References:
  http://www.cert.org/advisories/CA-1997-24.html
  http://www.iss.net/security_center/static/586.php |
| Recommendation |
Upgrade to version 2.4 or greater or remove execute permissions
A. Upgrade to the current Count.cgi version
The author of Count.cgi has recently released version 2.4, which addresses the vulnerability described in this advisory. We recommend that sites upgrade to the latest version as soon as possible. The current version is available from: http://www.fccc.edu/users/muquit/Count.html
B. Remove execute permissions
To prevent exploitation of the vulnerability described in this advisory, we recommend that the execute permissions be removed from Count.cgi immediately. Note that this will have the side effect of preventing the page hit counter from being incremented and displayed on web pages that use Count.cgi. The remainder of such web pages should still display. |
| Related URL |
CVE-1999-1590 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|