SAINT Corporation
SAINT:FBB149991D1DC9B42FA13F3894FD9AA1
Sep 08, 2006 - 12:00 a.m.

WhatsUp Gold _maincfgret.cgi instancename buffer overflow

download.saintcorporation.com

CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.931 High
Percentile: 99.1%

Added: 09/08/2006
CVE: CVE-2004-0798
BID: 11043
OSVDB: 9177

Background

WhatsUp Professional (formerly WhatsUp Gold) is a network mapping and monitoring tool.

Problem

A buffer overflow in the WhatsUp Gold web interface allows remote command execution by requesting **_maincfgret.cgi** with a long **instancename** parameter.

Resolution

Install WhatsUp Gold 8.03 Hotfix 1.

References

[http://www.idefense.com/intelligence/vulnerabilities/display.php?id=133&type=vulnerabilities](<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=133&type=vulnerabilities>)

Limitations

Exploit works on Ipswitch WhatsUp Gold 8.03.

Successful exploitation requires valid user credentials with permissions to Configure Program and Configure Reports.

Note that the WhatsUp Gold installation path may affect the success of this exploit. The exploit is designed to work with the default installation path only.

Platforms

Windows
