Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--

GEN:SID 1:2127
Message WEB-CGI ikonboard.cgi access
Summary This event is generated when an attempt is made to access ikonboard.cgi
on a web server. This may indicate an attempt to exploit an arbitrary
code execution vulnerability that affects Ikonboard web-based bulletin
board software.
Impact Arbitrary code execution.
Detailed Information This event indicates that an attempt has been made to exploit an
arbitrary code execution vulnerability in Ikonboard web-based bulletin
board software. An attacker can bypass user input validation by
inserting illegal characters into the "lang" value of a user cookie,
which then allows the attacker to pass arbitrary Perl code to the web
server.
Affected Systems Any web server running Ikonboard bulletin board software.
Attack Scenarios An attacker can provide a crafted cookie to the web server running
Ikonboard. The web server will then attempt to execute the arbitrary
Perl commands embedded in the cookie.
Ease of Attack Simple. A proof of concept exists.
Corrective Action An unsupported and unofficial patch is available at http://www.securityfocus.com/bid/7361/solution/.

Check the host for signs of compromise.
Additional References Bugtraq
http://www.securityfocus.com/bid/7361

Nessus
http://cgi.nessus.org/plugins/dump.php3?id=11605
Rule References bugtraq: 7361
nessus: 11605

--
DID:431264
--

http://www.aanval.com/