| VID |
21845 |
| Severity |
40 |
| Port |
8080 |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
According to its version number, the ViRobot Linux Server on the remote host has a remote buffer overflow vulnerability. ViRobot Linux Server is a commercial anti-virus product for Linux-based operating systems. ViRobot Linux Server version 2.0 and possibly earlier versions contain a buffer overflow caused by improper bounds checking of cookies sent to the 'addschup' CGI script. By passing specially-crafted data through the 'ViRobot_ID' and 'ViRobot_PASS' cookies when calling the 'addschup' CGI script, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.
* Note: This check relies solely on the version number of ViRobot Linux Server installed on the remote Web server to assess this vulnerability, so the result might be a false positive.
* References: http://www.digitalmunition.com/DMA%5B2005-0614a%5D.txt, http://secunia.com/advisories/15700/
* Platforms Affected: HAURI Inc., ViRobot Linux Server version 2.0 and earlier versions; Linux, any version |
| Recommendation |
Apply the appropriate patch for your system, available from the HAURI Web site at http://www.hauri.net/download/download_linux_patch.php |
| Related URL |
CVE-2005-2041 (CVE) |
| Related URL |
13964 (SecurityFocus) |
| Related URL |
21000 (ISS) |
|