Sambar Server dumpenv.pl Information Disclosure

1998-06-10T00:00:00
ID OSVDB:52
Type osvdb
Reporter Michiel de Weerd (webmaster@FOCUS.DEMON.NL)
Modified 1998-06-10T00:00:00

Description

Vulnerability Description

Sambar Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker accesses dumpenv.pl, which discloses system environment information, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s):

Remove dumpenv.pl from the /cgi-bin directory.
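
To confirm the workaround took effect and to see whether the script was requested earlier, the web server's access log can be checked for this path. The following is an added example, not part of the OSVDB entry: the Common Log Format layout, the case-insensitive match, the function names and the sample log lines are all assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format is an assumption;
# adjust LINE_RE to the format the server actually writes).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Jun/1998:10:01:02 +0000] "GET /index.html HTTP/1.0" 200 1043
192.0.2.77 - - [10/Jun/1998:10:03:15 +0000] "GET /cgi-bin/dumpenv.pl HTTP/1.0" 200 2210
192.0.2.77 - - [10/Jun/1998:10:03:40 +0000] "GET /cgi-bin/DumpEnv.PL?x=1 HTTP/1.0" 200 2210
198.51.100.5 - - [11/Jun/1998:08:00:00 +0000] "GET /cgi-bin/%64umpenv.pl HTTP/1.0" 404 310
198.51.100.9 - - [11/Jun/1998:08:05:00 +0000] "GET /docs/dumpenv.pl.txt HTTP/1.0" 200 88
"""

# client, timestamp, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
TARGET = "/cgi-bin/dumpenv.pl"  # path given in this entry


def normalise(raw_target):
    """Reduce a request target to a path that can be compared with TARGET."""
    path = raw_target.split("?", 1)[0]   # drop the query string
    path = unquote(path)                 # decode %xx escapes
    path = path.replace("\\", "/")       # treat backslashes as separators
    path = re.sub(r"/+", "/", path)      # collapse repeated slashes
    # Assumption: the web root is on a case-insensitive filesystem.
    return path.lower()


def find_dumpenv_requests(log_text):
    """Return one record per logged request for dumpenv.pl."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        client, when, _method, target, status = m.groups()
        if normalise(target) == TARGET:
            hits.append({
                "client": client,
                "when": when,
                "status": int(status),
                # A 2xx answer means the script ran and its output was returned.
                "served": status.startswith("2"),
            })
    return hits


if __name__ == "__main__":
    for hit in find_dumpenv_requests(SAMPLE_LOG):
        state = "SERVED" if hit["served"] else "not served"
        print(f'{hit["when"]} {hit["client"]} {hit["status"]} {state}')
```

Requests that were served before the script was removed indicate that environment information was already returned to that client; after removal, every match should show a non-2xx status.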

Manual Testing Notes

http://[victim]/cgi-bin/dumpenv.pl

References:

Snort Signature ID: 869
Nessus Plugin ID: 10060
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1998_2/0502.html
ISS X-Force ID: 3223
Generic Informational URL: http://www.securityfocus.com/archive/1/9505
CVE-1999-1178