Family: CGI abuses --> Category: infos
CGIEmail's CGICso (Send CSO via CGI) Command Execution Vulnerability Scan
Vulnerability Scan Summary: Determine if a remote host is vulnerable to the cgicso vulnerability
Detailed Explanation for this Vulnerability Test
The remote host seems to be vulnerable to a security problem in
CGIEmail (cgicso). CGIEmail's cgicso does not adequately process
the queries it receives, which results in a command execution
vulnerability.
Impact:
The server can be compromised by executing commands as the web server's
running user (usually 'nobody').
Solution:
Modify cgicso.h to contain a strict setting of your finger host.
Example:
Define the following in cgicso.h:
#define CGI_CSO_HARDCODE
#define CGI_CSO_FINGERHOST "localhost"
Threat Level: High