Signature Detail
Short Name |
HTTP:CGI:W3-MSQL-FILE-DISCLSR |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
HTTP |
Keywords |
mini-SQL CGI info disclosure info leak |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+ |
HTTP: Mini SQL w3-msql File View Disclosure
This signature detects attempts to exploit a known vulnerability against the w3-msql CGI script in mini-SQL. Successful attackers can execute arbitrary commands on the server.
Extended Description
w3-msql is a cgi-program shipped with Mini-SQL which acts as a web interface for msql. There are a number of buffer overflow vulnerabilities in it with one proven to be exploitable. The exploitable buffer is the content-length field and the stack is overflowed inside of a scanf() call. As a result, it is possible to execute arbitrary code remotely as the uid of the webserver (usually nobody).
Affected Products
- Hughes Technologies Mini SQL (mSQL) 2.0.11
References
- BugTraq: 898
- CVE: CVE-2000-0012
- URL: http://www.thur.de/other/docs/w3-msql.html