| Field | Value |
| --- | --- |
| VID | 21176 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The web server appears to be vulnerable to a security problem in CGIEmail (cgicso). cgicso does not adequately process queries, which allows attackers to execute arbitrary commands on the server as the user the web server runs as (usually 'nobody'). |
| Recommendation | Modify cgicso.h to contain a strict setting of your finger host. Example: define the following in cgicso.h: `#define CGI_CSO_HARDCODE` and `#define CGI_CSO_FINGERHOST "localhost"` |
| Related URL | CVE-2002-1652 (CVE) |
| Related URL | 6141 (SecurityFocus) |
| Related URL | 10595 (ISS) |