Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2127 |
Message | WEB-CGI ikonboard.cgi access |
Summary | This event is generated when an attempt is made to access ikonboard.cgi on a web server. This may indicate an attempt to exploit an arbitrary code execution vulnerability that affects Ikonboard web-based bulletin board software. |
Impact | Arbitrary code execution. |
Detailed Information | This event indicates that an attempt has been made to exploit an arbitrary code execution vulnerability in Ikonboard web-based bulletin board software. An attacker can bypass user input validation by inserting illegal characters into the "lang" value of a user cookie, which then allows the attacker to pass arbitrary Perl code to the web server. |
Affected Systems | Any web server running Ikonboard bulletin board software. |
Attack Scenarios | An attacker can provide a crafted cookie to the web server running Ikonboard. The web server will then attempt to execute the arbitrary Perl commands embedded in the cookie. |
Ease of Attack | Simple. A proof of concept exists. |
Corrective Action | An unsupported and unofficial patch is available at http://www.securityfocus.com/bid/7361/solution/. Check the host for signs of compromise. |
Additional References | Bugtraq http://www.securityfocus.com/bid/7361 Nessus http://cgi.nessus.org/plugins/dump.php3?id=11605 |
Rule References | bugtraq: 7361 nessus: 11605 |
--
DID:431264
--
http://www.aanval.com/