CGIWrap msgs.c Format String Privilege Escalation

2003-04-23T00:00:00
ID OSVDB:7616
Type osvdb
Reporter b0f(b0fnet@yahoo.com)
Modified 2003-04-23T00:00:00

Description

Vulnerability Description

According to the advisory, CGIWrap contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to the 'printf()' function in the 'msgs.c' file, which is apparently used incorrectly and may could allow an attacker to gain access to root privileges, resulting in a loss of integrity.

Solution Description

According to the vendor, the adivsory is a result of a false positive due to misunderstanding the source code.

Short Description

According to the advisory, CGIWrap contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to the 'printf()' function in the 'msgs.c' file, which is apparently used incorrectly and may could allow an attacker to gain access to root privileges, resulting in a loss of integrity.

References:

Vendor URL: http://cgiwrap.sourceforge.net/ Mail List Post: http://seclists.org/lists/bugtraq/2003/Apr/0288.html Mail List Post: http://seclists.org/lists/bugtraq/2003/Apr/0279.html