AN HTTP Server envout.bat Arbitrary Command Execution

1999-11-02T00:00:00
ID OSVDB:11568
Type osvdb
Reporter UNYUN(shadowpenguin@backsection.net)
Modified 1999-11-02T00:00:00

Description

Vulnerability Description

AN HTTP Server contains a flaw that may allow a remote attacker to execute arbitrary commands. The 'envout.bat' CGI script does not validate user-supplied input, so an attacker may be able to execute arbitrary commands, resulting in a loss of integrity.

Solution Description

Upgrade to version 1.21 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

AN HTTP Server contains a flaw that may allow a remote attacker to execute arbitrary commands. The 'envout.bat' CGI script does not validate user-supplied input, so an attacker may be able to execute arbitrary commands, resulting in a loss of integrity.

Manual Testing Notes

http://[victim]/ssi/envout.bat?|dir....\windows
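As an added example (not part of the OSVDB record and not code from AN HTTP Server), the following Python scans Common Log Format access logs for requests to envout.bat whose query string carries cmd.exe metacharacters after percent-decoding. The log lines, hosts and timestamps are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); hosts, times
# and request targets are made up for this example.
SAMPLE_LOG = """\
10.0.0.5 - - [02/Nov/1999:10:01:12 +0900] "GET /index.html HTTP/1.0" 200 512
10.0.0.7 - - [02/Nov/1999:10:02:30 +0900] "GET /ssi/envout.bat HTTP/1.0" 200 871
10.0.0.9 - - [02/Nov/1999:10:03:44 +0900] "GET /ssi/envout.bat?|dir HTTP/1.0" 200 2048
10.0.0.9 - - [02/Nov/1999:10:03:59 +0900] "GET /ssi/envout.bat?%7Cdir HTTP/1.0" 200 2048
10.0.0.9 - - [02/Nov/1999:10:04:10 +0900] "GET /ssi/envout.bat?name=value HTTP/1.0" 200 871
"""

CLF_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>\S+)" (?P<status>\d{3}) (?P<size>\S+)$'
)

# cmd.exe metacharacters that a batch CGI would interpret. '&' is also a
# command separator but is omitted here because it legitimately separates
# query parameters; include it if you accept the extra false positives.
CMD_META = set("|<>^")


def is_envout_injection(request_target):
    """True if the request targets envout.bat and its query string contains
    a cmd.exe metacharacter once percent-encoding is removed."""
    path, _, query = request_target.partition("?")
    if not unquote(path).lower().endswith("envout.bat"):
        return False
    return any(ch in CMD_META for ch in unquote(query))


def scan_log(text):
    """Return (host, time, target) for every suspicious request in the log."""
    hits = []
    for line in text.splitlines():
        m = CLF_RE.match(line)
        if m and is_envout_injection(m.group("target")):
            hits.append((m.group("host"), m.group("time"), m.group("target")))
    return hits


if __name__ == "__main__":
    for host, when, target in scan_log(SAMPLE_LOG):
        print(f"{when} {host} {target}")
```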

References:

Vendor URL: http://www.st.rim.or.jp/~nakata/
Snort Signature ID: 1516
Snort Signature ID: 1517
Related OSVDB ID: 11567
Related OSVDB ID: 11566
Related OSVDB ID: 16
Nessus Plugin ID: 10016
Mail List Post: http://cert.uni-stuttgart.de/archive/bugtraq/1999/11/msg00030.html
ISS X-Force ID: 3836
CVE-1999-0947
Bugtraq ID: 762