O'Reilly WebSite Pro args.cmd Arbitrary Command Execution

1999-02-16T00:00:00
ID OSVDB:12962
Type osvdb
Reporter Christian Antkow (xian@idsoftware.com)
Modified 1999-02-16T00:00:00

Description

Vulnerability Description

WebSite Pro contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is triggered because the 'args.cmd' script does not properly sanitize user-supplied input, and exploitation may result in a loss of integrity.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Remove the demo files.

References:

Vendor URL: http://www.oreilly.com/software/index.html?
Related OSVDB ID: 12963
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999_1/0738.html
ISS X-Force ID: 7529
CVE-1999-1180