| Short Name | HTTP:CGI:W3-MSQL-CGI-OF |
|---|---|
| Severity | Medium |
| Recommended | No |
| Category | HTTP |
| Release Date | 2003/04/22 |
| Update Number | 1213 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+ |

This signature detects attempts to exploit a vulnerability in W3-msql, a CGI program that acts as a Web interface for Mini SQL (mSQL). W3-msql version 2.0.11 is vulnerable. Attackers can remotely send a maliciously crafted content-length field that overflows a stack buffer inside a scanf() call and execute arbitrary code with Web server privileges.

w3-msql is a CGI program shipped with Mini SQL that acts as a web interface for mSQL. It contains a number of buffer overflow vulnerabilities, one of which has been proven to be exploitable. The exploitable buffer holds the content-length field, and the stack is overflowed inside a scanf() call. As a result, it is possible to execute arbitrary code remotely as the uid of the web server (usually nobody).
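
The class of bug described above, shown as an added example that is not taken from the w3-msql source: an unbounded `%s` conversion copying the content-length field into a fixed stack buffer, beside a hardened parser that rejects over-long or non-numeric values. The function names, `FIELD_MAX` and `BODY_LIMIT` are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIELD_MAX 16        /* assumed buffer size, for illustration */
#define BODY_LIMIT 65536L   /* assumed upper bound on accepted body size */

/* Unsafe pattern: "%s" has no width, so sscanf() copies every
 * non-whitespace byte of the field and writes past buf when the
 * value is FIELD_MAX characters or longer. Shown only for contrast. */
int parse_length_unsafe(const char *field, long *out)
{
    char buf[FIELD_MAX];
    if (sscanf(field, "%s", buf) != 1)
        return -1;
    *out = atol(buf);
    return 0;
}

/* Hardened form: no intermediate copy, digits only, explicit range check. */
int parse_length_safe(const char *field, long *out)
{
    char *end;
    long v;

    if (field == NULL || *field == '\0' || strlen(field) >= FIELD_MAX)
        return -1;                      /* missing or over-long field */
    if (strspn(field, "0123456789") != strlen(field))
        return -1;                      /* anything but decimal digits */
    errno = 0;
    v = strtol(field, &end, 10);
    if (errno != 0 || *end != '\0' || v > BODY_LIMIT)
        return -1;                      /* overflow or above the limit */
    *out = v;
    return 0;
}

int main(void)
{
    /* Constructed sample values, not captured traffic. */
    const char *samples[] = { "128", "12x", "", "99999999999999999999999999999999" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long n = 0;
        int rc = parse_length_safe(samples[i], &n);
        printf("%-34s -> %s\n", samples[i], rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```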