| VID | 21230 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description |
The SunSolve CD access CGIs allow remote users to cause the CGI to execute arbitrary code. SunSolve CD is a documentation resource CD that is included as part of the Solaris Media pack on Sun Solaris 7 and 8. Various CGI scripts included with the SunSolve CD have input validation problems that could allow a remote attacker to execute arbitrary commands on the system. Because of a design failure, special characters such as the pipe (|) character are not removed from input, so a user submitting a malicious email parameter to the vulnerable script could execute arbitrary commands with the permissions of the executing program.
* Note: This scanner does not attempt the attack to assess this vulnerability, so this finding might be a false positive.
* Platforms Affected: Solaris 7, Solaris 8
* References: http://online.securityfocus.com/bid/4269 http://www.iss.net/security_center/static/8435.php |
| Recommendation | No remedy available as of June 2014. If the service is not needed, disable it. |
| Related URL | CVE-2002-0436 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |