Whois Internic Lookup whois.cgi Domain Entry Arbitrary Command Execution

1999-11-09T00:00:00
ID OSVDB:9773
Type osvdb
Reporter hhp(hhp@hhp.perlx.com)
Modified 1999-11-09T00:00:00

Description

Vulnerability Description

Ranson Johnson's Whois Internic Lookup CGI contains a flaw that may allow a malicious user to execute arbitrary command. The issue is due to the "whois.cgi" script not properly sanitizing shell metacharacters in the domain entry field. By sending a specially crafted domain request, a remote attacker can run any command on the system with the same privileges as the CGI program.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Ranson Johnson's Whois Internic Lookup CGI contains a flaw that may allow a malicious user to execute arbitrary command. The issue is due to the "whois.cgi" script not properly sanitizing shell metacharacters in the domain entry field. By sending a specially crafted domain request, a remote attacker can run any command on the system with the same privileges as the CGI program.

Manual Testing Notes

Depending on the system setup one of the following tests would work on a vulnerable system.

;[malicious command] ";[malicious command] ;[malicious command];

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999-q4/0279.html ISS X-Force ID: 3798 CVE-1999-0983 Bugtraq ID: 2000