Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:804 |
Message | WEB-CGI SWSoft ASPSeek Overflow attempt |
Summary | This event is generated when an attempt is made to exploit a buffer overflow vulnerability in SWSoft ASPSeek search engine software. |
Impact | Arbitrary code execution. |
Detailed Information | SWSoft ASPSeek search engine software contains a buffer overflow vulnerability where, if a sufficiently long string is sent to the s.cgi script using the template (tmpl) variable, a buffer overflow condition can occur. This may allow the execution of arbitrary code. |
Affected Systems | All Apache web servers running SWSoft ASPSeek 1.0.3 and earlier are vulnerable. |
Attack Scenarios | An attacker can send a crafted query to the s.cgi script, creating a buffer overflow condition. This could then allow the attacker to execute arbitrary code from the system's command shell. |
Ease of Attack | Simple. Exploits exist. |
Corrective Action | Upgrade to SWSoft ASPSeek 1.04 or later. |
Additional References | Bugtraq http://www.securityfocus.com/bid/2492 CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0476 |
Rule References | bugtraq: 2492 cve: 2001-0476 |
--
DID:584989
--
http://www.aanval.com/