Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2200 |
Message | WEB-CGI dnewsweb.cgi access |
Summary | This event is generated when an attempt is made to access dnewsweb.cgi on an internal web server. This may indicate an attempt to exploit a buffer overflow vulnerability in NetWin DNews News Server 5.3. |
Impact | Remote execution of arbitrary code, possibly leading to remote root compromise. |
Detailed Information | NetWin DNews News is a web-based application that manages remote access to Internet newsgroups. When overly long arguments are used as arguments to some dnewsweb.cgi parameters (including but not limited to "group," "cmd," and "utag"), a buffer overflow condition may occur. This can lead to the remote execution of arbitrary code with the security context of DNews. |
Affected Systems | Any operating system running NetWin DNews News Server 5.3 or lower. |
Attack Scenarios | An attacker transmits an overly long, specially crafted URL to the vulnerable DNews server, causing a buffer overflow condition. The attacker is then able to execute arbitrary code on the server with the security context of DNews. |
Ease of Attack | Simple. An exploit exists. |
Corrective Action | Upgrade to DNews News Server 5.4 or higher. |
Additional References | Bugtraq http://www.securityfocus.com/bid/1172 |
Rule References | bugtraq: 1172 bugtraq: 4579 cve: 2000-0423 nessus: 11748 |
--
DID:604594
--
http://www.aanval.com/