Family: CGI abuses --> Category: infos
CGIEmail's CGICso (Send CSO via CGI) Command Execution Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Determine if a remote host is vulnerable to the cgicso vulnerability
Detailed Explanation for this Vulnerability Test
The remote host seems to be vulnerable to a security problem in
CGIEmail (cgicso). The vulnerability is caused by inadequate processing
of queries by CGIEmail's cgicso and results in a command execution
The server can be compromised by executing commands as the web server's
running user (usually 'nobody').
Modify cgicso.h to contain a strict setting of your finger host.
Define the following in cgicso.h:
#define CGI_CSO_FINGERHOST 'localhost'
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.