| VID |
21076 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The '/cgi-bin/responder.cgi' CGI is installed. Responder.cgi, a public domain 'C' shell for MacHTTP servers, contains a buffer overflow that, when exploited, will cause the server it runs on to freeze. You are at risk if your responder.cgi file contains the line of code:
char PostArg_Search[256];
which holds the QUERY_STRING. Since it only allows up to 256 characters after the '?', the server will crash if 257 or more characters are requested.
Exploit example (nc is netcat from avian.org):
$ echo "GET /cgi-bin/responder.cgi?xxx ... xxx" | nc machttp-server.com 80
* References: http://www.packetstormsecurity.org/9904-exploits/mac.DoS.txt |
| Recommendation |
Remove responder.cgi from your /cgi-bin/ or change 'char PostArg_Search[256];' to 'char PostArg_Search;'. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
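A bounded copy of QUERY_STRING into a buffer of the size named in the description, shown as an added example and not taken from responder.cgi. The names `copy_query` and `SEARCH_MAX` and the CGI wiring in `main` are assumptions. Over-long input is rejected rather than truncated, and a 256-byte buffer holds at most 255 characters plus the terminating NUL.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same size as the PostArg_Search buffer quoted in the description. */
#define SEARCH_MAX 256

/* Hypothetical helper (not from responder.cgi): copy the query string
 * into a fixed buffer. Returns 0 on success, -1 if the input is missing
 * or does not fit together with its terminating NUL. On failure dst is
 * left as an empty string; nothing is ever written past dst_size bytes. */
int copy_query(char *dst, size_t dst_size, const char *query)
{
    const char *nul;

    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (query == NULL)
        return -1;

    /* Look for the terminator within the first dst_size bytes only. */
    nul = memchr(query, '\0', dst_size);
    if (nul == NULL)
        return -1;                      /* too long for the buffer */

    memcpy(dst, query, (size_t)(nul - query) + 1);
    return 0;
}

int main(void)
{
    char PostArg_Search[SEARCH_MAX];
    const char *qs = getenv("QUERY_STRING");   /* set by the web server */

    if (copy_query(PostArg_Search, sizeof PostArg_Search, qs) != 0) {
        fputs("Status: 400 Bad Request\r\n"
              "Content-Type: text/plain\r\n\r\n"
              "query string missing or too long\n", stdout);
        return 0;
    }
    printf("Content-Type: text/plain\r\n\r\nquery length: %lu\n",
           (unsigned long)strlen(PostArg_Search));
    return 0;
}
```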