php-exec-dir Command Execution Bypass

2004-06-24T03:55:28
ID OSVDB:7243
Type osvdb
Reporter VeNeMouS(venom@gen-x.co.nz)
Modified 2004-06-24T03:55:28

Description

Vulnerability Description

php-exec-dir contains a flaw that may allow a malicious user to bypass restrictions and execute commands. The issue is triggered when a user places a ";" before the command they wish to execute. It is possible that the flaw may allow remote command execution resulting in a loss of confidentiality, integrity, and/or availability.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.

Please note, the initial patch for this vulnerability did not fully correct the flaw. Be sure you have downloaded the patch on or after 2004 09:47:57.
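The check below is an added example, not code from the php-exec-dir patch or from this advisory. It assumes the restriction works by prepending the allowed directory to the command string before a shell sees it (the advisory does not describe the mechanism), shows why a leading ";" defeats that, and gives a validator that resolves the program inside the directory and returns an argv list for shell-free execution. All function names and the sample paths are hypothetical.

```python
import os
import shlex
import stat
import tempfile

SHELL_META = set(";&|`$<>(){}[]*?~!#\\\"'\n\r")

def prefix_restrict(exec_dir, command):
    # Assumed model of the flawed restriction: prepend the directory, pass to a shell.
    return exec_dir.rstrip("/") + "/" + command

def shell_commands(line):
    # Split a command line at the operators a POSIX shell treats as command separators.
    lex = shlex.shlex(line, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    cmds, cur = [], []
    for tok in lex:
        if tok in (";", "&", "&&", "|", "||"):
            if cur:
                cmds.append(cur)
            cur = []
        else:
            cur.append(tok)
    return cmds + ([cur] if cur else [])

def safe_argv(exec_dir, command):
    # Hardened check: return argv for execution without a shell, or raise ValueError.
    if any(ch in SHELL_META for ch in command):
        raise ValueError("shell metacharacter in command")
    argv = command.split()
    if not argv or os.path.basename(argv[0]) != argv[0] or argv[0] in (".", ".."):
        raise ValueError("program must be a bare file name")
    root = os.path.realpath(exec_dir)
    path = os.path.realpath(os.path.join(root, argv[0]))  # follows symlinks
    if os.path.dirname(path) != root or not (os.path.isfile(path) and os.access(path, os.X_OK)):
        raise ValueError("program is not an executable inside exec_dir")
    return [path] + argv[1:]

def demo():
    with tempfile.TemporaryDirectory() as d:  # constructed sandbox directory
        tool = os.path.join(d, "report")      # constructed sample program
        with open(tool, "w") as f:
            f.write("#!/bin/sh\necho ok\n")
        os.chmod(tool, stat.S_IRWXU)
        print(shell_commands(prefix_restrict(d, ";id")))  # two commands, not one
        print(safe_argv(d, "report --daily"))
        try:
            safe_argv(d, ";id")
        except ValueError as e:
            print("rejected:", e)

if __name__ == "__main__":
    demo()
```

The returned list is meant to be passed to an exec-style call that takes an argument vector, so no shell ever parses the user-supplied string.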

References:

Vendor URL: http://kyberdigi.cz/projects/execdir/english.html
Secunia Advisory ID: 11928
Other Advisory URL: http://lists.netsys.com/pipermail/full-disclosure/2004-June/022963.html
Mail List Post: http://lists.netsys.com/pipermail/full-disclosure/2004-July/thread.html#23589
Mail List Post: http://lists.netsys.com/pipermail/full-disclosure/2004-July/thread.html#23585
ISS X-Force ID: 16498
Bugtraq ID: 10598