|
|
|
|
|
|
|
| |
O'Reilly WebSite win-c-sample Remote Overflow |
|
| This script is Copyright (C) 1999-2009 Tenable Network Security, Inc. |
|
|
| Family | CGI abuses |
| Nessus Plugin ID | 10008 (WebSite.nasl) |
| Bugtraq ID | 2078
|
| CVE ID | CVE-1999-0178
|
|
| Description: |
Synopsis :
The remote web server is prone to a remote buffer overflow attack.
Description :
This web server appears to be a version of O'Reilly WebSite that has a
buffer overflow vulnerability in its '/cgi-shl/win-c-sample.exe'
script. By passing a specially crafted argument to this script, an
unauthenticated remote attacker can leverage this overflow to execute
arbitrary code on the affected host subject to the privileges under
which the service operates.
See also :
http://archives.neohapsis.com/archives/bugtraq/1997_1/0021.html
Solution :
Upgrade to O'Reilly WebSite version 2.5, which reportedly addresses
the vulnerability.
Risk factor :
High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
|
|
|
|
|
|
