Lucene search
This script is Copyright (C) 1999-2021 Mathieu PerrinCGIWRAP.NASLHistoryDec 15, 1999 - 12:00 a.m.
Cobalt RaQ2 cgiwrap Multiple Vulnerabilities
1999-12-1500:00:00
This script is Copyright (C) 1999-2021 Mathieu Perrin
www.tenable.com
78
The remote host has ‘cgiwrap’ is installed. If you are running an unpatched Cobalt RaQ, the version of cgiwrap distributed with that system has a known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon (root or nobody).
This flaw exists only on the Cobalt modified cgiwrap. Standard builds of cgiwrap are not affected.
#%NASL_MIN_LEVEL 70300
#
# This script was written by Mathieu Perrin <[email protected]>
#
# See the Nessus Scripts License for details
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(10041);
script_version("1.38");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-1999-1530", "CVE-2000-0431");
script_bugtraq_id(777, 1238);
script_name(english:"Cobalt RaQ2 cgiwrap Multiple Vulnerabilities");
script_summary(english:"Checks for the presence of /cgi-bin/cgiwrap");
script_set_attribute(attribute:"synopsis", value:
"The remote host contains an application that is affected by multiple
vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote host has 'cgiwrap' is installed. If you are running an
unpatched Cobalt RaQ, the version of cgiwrap distributed with that
system has a known security flaw that lets anyone execute arbitrary
commands with the privileges of the http daemon (root or nobody).
This flaw exists only on the Cobalt modified cgiwrap. Standard builds
of cgiwrap are not affected.");
script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/1999/Nov/122");
script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/1999/Nov/98");
script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2000/May/264");
script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2000/May/310");
script_set_attribute(attribute:"solution", value:"Cobalt Networks has released a patch that addresses the vulnerability.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:W/RC:ND");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"1999/11/08");
script_set_attribute(attribute:"plugin_publication_date", value:"1999/12/15");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 1999-2021 Mathieu Perrin");
script_family(english:"CGI abuses");
script_dependencie("http_version.nasl");
script_require_keys("Settings/ParanoidReport");
script_require_ports("Services/www", 80);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("http_func.inc");
include("http_keepalive.inc");
if (report_paranoia < 2) audit(AUDIT_PARANOID);
port = get_http_port(default:80, embedded:TRUE);
res = is_cgi_installed_ka(item:"cgiwrap", port:port);
if(res)security_hole(port);
Related
openvas
openvas
Cobalt RaQ2 cgiwrap
2005-11-03 00:00:00
cve
cve
CVE-2000-0431
2000-05-22 04:00:00
CVE-1999-1530
1999-11-08 05:00:00
Related for CGIWRAP.NASL