ID: OSVDB:3206
Type: osvdb
Reporter: OSVDB
Modified: 2000-10-26T00:00:00
Description
Vulnerability Description
TIS Internet Firewall Toolkit (FWTK) contains a flaw that allows a remote attacker to execute arbitrary code on the vulnerable system. The flaw is in the pmsg() function in the x-gw package. If an attacker supplies malicious code, the function's sanity checks do not merely report the error; the function reports the error along with the malicious code, which it executes.
Solution Description
The flaw can be corrected with the following workaround: disallow logins from untrusted users/hosts. "pre" (original advisory) has released a patch to address this vulnerability.
References:
Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2000-10/0376.html
Keyword: FWTK
ISS X-Force ID: 5420
CVE-2000-0950
Bugtraq ID: 1857
Title: Firewall ToolKit x-gw Execute Arbitrary Code
Published: 2000-10-26T00:00:00
Affected Software: Internet Firewall Toolkit 2.1
CVSS Score: 7.2 (AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE)