Lucene search
SuseSUSE-SA:2001:027HistoryAug 20, 2001 - 1:36 p.m.
local (maybe remote) privilege escalation in sdb
2001-08-2013:36:33
lists.opensuse.org
12
0.047 Low
EPSS
Percentile
91.7%
Sdbsearch.cgi is Perl script which is part of the sdb package of SuSE Linux was found vulnerable by using untrustworthy client input (HTTP_REFERER). By exploiting this trust an attacker could force the sdbsearch.cgi script to open a malicious keylist file which includes keywords and filenames. By replacing the filename in the keylist file with the Perl pipe followed by arbitrary shell commands the sdbsearch.cgi would execute these commands when trying to open these ‘filenames’. Note, that the attacker needs local access to the machine to store the keylist file on the server running sdbsearch.cgi. Misconfigured ftp accounts, trojan tar balls or RPM files could also be used.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 7.0 | noarch | sdb | < 2000.7.14-0 | sdb-2000.7.14-0.noarch.rpm |
| openSUSE | 7.0 | noarch | sdb | < 2000.7.14-3 | sdb-2000.7.14-3.noarch.rpm |
| openSUSE | 7.1 | noarch | sdb | < 2001.1.18-0 | sdb-2001.1.18-0.noarch.rpm |
| openSUSE | 7.1 | noarch | sdb | < 2001.1.18-2 | sdb-2001.1.18-2.noarch.rpm |
| openSUSE | 6.3 | noarch | sdb | < 99.11.8-2 | sdb-99.11.8-2.noarch.rpm |
| openSUSE | 6.4 | noarch | sdb | < 2000.3.13-1 | sdb-2000.3.13-1.noarch.rpm |
| openSUSE | 7.2 | noarch | sdb | < 2001.5.15-6 | sdb-2001.5.15-6.noarch.rpm |
| openSUSE | 6.3 | noarch | sdb | < 99.11.8-10 | sdb-99.11.8-10.noarch.rpm |
| openSUSE | 6.4 | noarch | sdb | < 2000.3.13-0 | sdb-2000.3.13-0.noarch.rpm |
Related
openvas
openvas
sdbsearch.cgi
2008-10-24 00:00:00
nessus
nessus
SuSE Support Data Base sbsearch.cgi Arbitrary Command Execution
2001-08-13 00:00:00
cve
cve
CVE-2001-1130
2001-08-02 04:00:00