eSecurityOnline Security Advisory 2408 - CIDER SHADOW CGI

eSO Security Advisory: 2408
Discovery Date: April 3, 2000
ID: eSO:2408
Title: CIDER SHADOW CGI arbitrary command execution
vulnerabilities
Impact: Remote attackers can execute commands with the
privileges of the running web server process
Affected Technology: CIDER SHADOW 1.5, 1.6
Vendor Status: Vendor informed
Discovered By: Kevin Kotas of the eSecurityOnline Research
and Development Team
CVE Reference: CAN-2002-0091

Advisory Location:
http://www.eSecurityOnline.com/advisories/eSO2408.asp

Description:
The CIDER Project's SHADOW intrusion detection utility is vulnerable to
CGI implementation flaws that allow a remote attacker to run arbitrary
commands on the analyzer. The problem occurs due to insufficient
character verification of sent variables. For multiple CGI scripts, an
attacker can send a specially crafted URL and execute commands with
the privileges of the running server.

Technical Recommendation:
By design, the analyzer web interface should only be reachable through
an internal network and with password authentication. Since the
possibility remains that an attacker can reach the analyzer, disable
network access to the web interface and only view the web pages
locally.

Copyright 2002 eSecurityOnline LLC. All rights reserved.

THE INFORMATION IN THIS VULNERABILITY ALERT IS PROVIDED BY
ESECURITYONLINE LLC "AS IS", "WHERE IS", WITH NO WARRANTY OF ANY KIND,
AND ESECURITYONLINE LLC HEREBY DISCLAIMS THE IMPLIED WARRANTIES OF
NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. ESECURITYONLINE LLC SHALL HAVE NO LIABILITY FOR ANY DAMAGE,
CLAIM OR LOSS RESULTING FROM YOUR USE OF THE INFORMATION CONTAINED IN
THIS VULNERABILITY ALERT.