Mailnews CGI Arbitrary Command Execution

2001-02-18T00:00:00
ID OSVDB:530
Type osvdb
Reporter OSVDB
Modified 2001-02-18T00:00:00

Description

Vulnerability Description

This host is running a web server and the 'mailnews' CGI is installed. This CGI contains a flaw that allows an attacker to execute arbitrary commands on this host. An attacker can use this to gain access to this host.

Solution Description

Please remove the 'mailnews' script from the CGI- BIN directory on this host.

Short Description

This host is running a web server and the 'mailnews' CGI is installed. This CGI contains a flaw that allows an attacker to execute arbitrary commands on this host. An attacker can use this to gain access to this host.

References:

Snort Signature ID: 1471 CVE-2001-0271