| Field | Value |
|---|---|
| VID | 21041 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The "faxsurvey" CGI program is installed on the web server. This CGI has a security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon (root or nobody).<br>※ Exploitation: http://linux.elsewhere.org/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd<br>※ BUGTRAQ: Aug04,1998<br>* References: http://archives.neohapsis.com/archives/bugtraq/1998_3/0385.html http://www.iss.net/security_center/static/1532.php |
| Recommendation | Remove the "faxsurvey" file from /cgi-bin, or upgrade to the latest version. |
| Related URL | CVE-1999-0262 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |