cgiemail cgicso Arbitrary Command Execution

2001-06-30T00:00:00
ID OSVDB:650
Type osvdb
Reporter OSVDB
Modified 2001-06-30T00:00:00

Description

Vulnerability Description

A remote overflow exists in the cgicso script included with cgiemail. The script fails to validate its input, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code, resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround:

Define the following in cgicso.h:

#define CGI_CSO_HARDCODE

#define CGI_CSO_FINGERHOST "localhost"

Manual Testing Notes

http://[victim]/cgicso?query=AAA

If "400 Required field missing: fingerhost" is returned, the script may be vulnerable.

References:

Vendor URL: http://web.mit.edu/wwwdev/cgiemail/
Vendor Specific Advisory URL
Snort Signature ID: 1875
Nessus Plugin ID: 10779
Generic Informational URL: http://securitytracker.com/alerts/2001/Sep/1002395.html
Generic Informational URL: http://www.securiteam.com/exploits/5TP0W005FE.html
Generic Exploit URL: http://www.hhp-programming.net/ourexploits/cso.c
CERT VU: 185251
Bugtraq ID: 6141