| VID |
21234 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The SMB2WWW allows a remote attacker to execute arbitrary command on the system.
SMB2WWW is a Windows Network client that is accessible through a web browser for Solaris and Linux if the Samba, Perl and a web server are supported. Some versions of SMB2WWW have a flaw that allows a remote attacker to execute arbitrary commands on the system. This vulnerability aries when a remote attacker sends a malformed argument to smbshr.pl of the SMB2WWW component as the following:
POST /cgi-bin/smbshr.pl HTTP/1.1
Host: X.X.X.X
...
Content-Length: XX
host=%22%20%2DFOOBAR%7Cecho%20%22%20Sharename%22%0Aecho%0Aecho%20%22%20%20SomeShare%20%20Disk%20%22%60id%60%20%23%22
Such request can lead a remote attacker to execute arbitrary programs under "www-data" user privileges on the system.
* References:
http://www.securityfocus.com/advisories/4741
http://www.linuxsecurity.com/advisories/debian_advisory-2636.html
* Platforms Affected:
SMB2WWW 980804-16 and prior
Debian Linux 2.2
Debian Linux 3.0 |
| Recommendation |
Upgrade to the latest SMB2WWW package immediately
For Debian 2.2 (potato),
[source]
http://security.debian.org/pool/updates/main/s/smb2www/smb2www_980804.orig.tar.gz
[architecture-independent component] http://security.debian.org/pool/updates/main/s/smb2www/smb2www_980804-9.1_all.deb
For Debian 3.0 (woody),
[source]
http://security.debian.org/pool/updates/main/s/smb2www/smb2www_980804.orig.tar.gz
[architecture-independent component] http://security.debian.org/pool/updates/main/s/smb2www/smb2www_980804-16.1_all.deb |
| Related URL |
CVE-2002-1342 (CVE) |
| Related URL |
6313 (SecurityFocus) |
| Related URL |
10768 (ISS) |
|
