8680 : Sun AnswerBook2 dwhttpd shell metacharacters Remote Command Execution
Printer | http://osvdb.org/8680 | Email This | Edit Vulnerability

Views This Week

Views All Time

Info

Last Modified

10 months ago

Percent Complete

90%

Disclosure

Aug 07, 2000

Discovery

Unknown

Dates

Exploit

Aug 07, 2000

Solution

Unknown

Description

Sun Solaris Answerbook2 shipped with the dwhttpd package contains a flaw that may allow a malicious user to run commands remotely. The issue is due to the insufficient input validation for cgi scripts in the admininstration interface of Answerbook2. By sending a specially crafted URL request with shell metacharacters to port 8888, a remote attacker can run the commands with web user privileges, resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Sun Microsystems has released a patch to address this vulnerability.

Products

Sun Microsystems, Inc.	Solaris dwhttpd	4.0
		4.1

References

Bugtraq ID: 1556
CVE ID: 2000-0697 (see also: NVD)
ISS X-Force ID: 5058
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-08/0044.html
Vendor Specific Advisory URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=secbull/196

Tools & Filters

Snort	1947
Nessus	23048 23146 23234 23320

Manual Testing Notes

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Sun Microsystems, Inc.

Solaris dwhttpd

References

Tools & Filters

Manual Testing Notes

Credit

Blogs

Comments