SuSE Support Data Base sbsearch.cgi Arbitrary Command Execution

2001-08-02T00:00:00
ID OSVDB:598
Type osvdb
Reporter OSVDB
Modified 2001-08-02T00:00:00

Description

Vulnerability Description

The SuSe Support Data Base search script (sbsearch.cgi) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to script trusting the HTTP_REFERER field in a web request as the valid path to 'keyfile.txt'. If a malicious 'keyfile.txt' file is created on the server an attacker can set HTTP_REFERER to the path of the bogus 'keyfile.txt' and sbsearch.cgi will execute the commands in the file.

Short Description

The SuSe Support Data Base search script (sbsearch.cgi) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to script trusting the HTTP_REFERER field in a web request as the valid path to 'keyfile.txt'. If a malicious 'keyfile.txt' file is created on the server an attacker can set HTTP_REFERER to the path of the bogus 'keyfile.txt' and sbsearch.cgi will execute the commands in the file.

References:

Snort Signature ID: 1476 ISS X-Force ID: 7003 CVE-2001-1130