VID | 21941
Severity | 30
Port | 8987, ...
Protocol | TCP
Class | CGI
Detailed Description |
Sawmill is a site statistics package for Unix, Windows and Mac OS. Sawmill version 5.0.21 could allow a remote attacker to read the first line of any world-readable file on the affected host for which the full pathname is known. The attacker sends a specially crafted URL request that specifies the file in the rfcf parameter.
* References:
  http://archives.neohapsis.com/archives/bugtraq/2000-06/0271.html
  http://archives.neohapsis.com/archives/bugtraq/2000-07/0080.html
* Platforms Affected: Flowerfire Sawmill version 5.0.21; any operating system, any version |
Recommendation |
Upgrade to the latest version of Sawmill (5.0.22 or later), available from the Sawmill Download Web site at http://www.sawmill.net/us_downloads.html |
Related URL |
* CVE-2000-0588 (CVE)
* 1402 (SecurityFocus)
* (ISS)
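A defensive check for the request pattern in the description above, as an added example that is not part of the original advisory or of Sawmill: it scans web access logs from the Sawmill listener for requests whose rfcf parameter carries an absolute file path. The log format, the `/stats` path and the loose matching of the separator between `rfcf` and its value are assumptions, because the advisory does not give the exact request syntax.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (common log format). The addresses and the
# /stats path are placeholders, not values taken from the advisory.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jul/2000:10:00:01 +0000] "GET /stats?rfcf=/etc/hostname HTTP/1.0" 200 312
192.0.2.11 - - [01/Jul/2000:10:00:05 +0000] "GET /stats?rfcf=%2Fetc%2Fhostname&x=1 HTTP/1.0" 200 310
192.0.2.12 - - [01/Jul/2000:10:00:09 +0000] "GET /stats?rfcf=C%3A%5Cboot.ini HTTP/1.0" 200 298
192.0.2.13 - - [01/Jul/2000:10:00:12 +0000] "GET /stats?rfcf=reports/site.cfg HTTP/1.0" 200 5120
192.0.2.14 - - [01/Jul/2000:10:00:20 +0000] "GET /index.html HTTP/1.0" 200 1024
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+) HTTP/[0-9.]+"')
# "rfcf", then any mix of "=" / whitespace, an optional quote, then a Unix
# absolute path or a Windows drive path (assumed separator handling).
RFCF_ABS_PATH_RE = re.compile(
    r'\brfcf\b[\s=]*["\']?(/[^\s"\'&]*|[A-Za-z]:[\\/][^\s"\'&]*)'
)

def decode_fully(value, max_rounds=3):
    """Undo repeated URL encoding so %252F and %2F both become '/'."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_rfcf_file_reads(log_text):
    """Return (client, path) for each request naming an absolute path in rfcf."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        hit = RFCF_ABS_PATH_RE.search(decode_fully(target.partition("?")[2]))
        if hit:
            hits.append((client, hit.group(1)))
    return hits

if __name__ == "__main__":
    for client, path in find_rfcf_file_reads(SAMPLE_LOG):
        print(f"rfcf names absolute path {path!r} (client {client})")
```

Hits on a host still running 5.0.21 are a reason to review which world-readable files were exposed and to apply the upgrade in the recommendation.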