| VID | 21611 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | IkonBoard is vulnerable to arbitrary command execution through the 'lang' cookie. IkonBoard is a freely available web bulletin board system written in Perl. IkonBoard version 3.1.2a and earlier versions could allow a remote attacker to execute arbitrary code on the host, because the Sources/Lib/FUNC.pm file does not properly filter invalid characters in the 'lang' cookie value. A remote attacker could exploit this flaw to execute arbitrary commands in the security context of the web server hosting the affected IkonBoard.
* References: http://archives.neohapsis.com/archives/bugtraq/2003-04/0027.html, http://archives.neohapsis.com/archives/bugtraq/2003-09/0259.html, http://www.ikonboard.com/
* Platforms Affected: Jarvis Entertainment Group, Inc., IkonBoard version 3.1.2a and earlier versions; any operating system, any version |
| Recommendation | No upgrade or patch available as of June 2005. As a workaround, apply the unofficial patch, as listed in the BugTraq Mailing List posting dated Mon Sep 08 2003 at http://archives.neohapsis.com/archives/bugtraq/2003-09/0102.html |
| Related URL | CVE-2003-0770 (CVE) |
| Related URL | 7361, 8580 (SecurityFocus) |
| Related URL | 11702 (ISS) |