| VID | 21054 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The 'imagemap.exe' CGI is installed. OmniHTTPd is distributed with the CGI program imagemap.exe, which contains a remotely exploitable buffer overflow that lets anyone execute arbitrary commands with the privileges of the HTTP daemon (root or nobody). |
| Recommendation | If it's not needed, remove the imagemap.exe program from the CGI-BIN directory until Omnicron can supply a patched version. |
| Related URL | CVE-1999-0951 (CVE) |
| Related URL | 739 (SecurityFocus) |
| Related URL | (ISS) |