Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:IIS:CGI-BIN-CMD-EXE

Severity

 Medium

Recommended

 No

Category

 HTTP

Keywords

 IIS cgi-bin/cmd.exe Probe

Release Date

 2003/04/22

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: IIS cgi-bin/cmd.exe Probe


This signature detects attempts to remotely execute cmd.exe.

Extended Description

An unchecked buffer exists in the code that handles environment strings within the command interpreter of Windows NT 4.0 and 2000, cmd.exe. If an unusually large environment variable is specified, cmd.exe will fail and the memory used will not be freed. By exploiting this repeatedly, an attacker could use up all free memory and cause a denial of service. This weakness could be exploited remotely via email, or in a situation where a batch file was used as a CGI script, and put user input into an environment variable.

Affected Products

  • Microsoft Terminal Server (WTS)
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0 alpha
  • Microsoft Windows NT Enterprise Server 4.0
  • Microsoft Windows NT Enterprise Server 4.0 SP1
  • Microsoft Windows NT Enterprise Server 4.0 SP2
  • Microsoft Windows NT Enterprise Server 4.0 SP3
  • Microsoft Windows NT Enterprise Server 4.0 SP4
  • Microsoft Windows NT Enterprise Server 4.0 SP5
  • Microsoft Windows NT Enterprise Server 4.0 SP6
  • Microsoft Windows NT Enterprise Server 4.0 SP6a
  • Microsoft Windows NT Server 4.0
  • Microsoft Windows NT Server 4.0 SP1
  • Microsoft Windows NT Server 4.0 SP2
  • Microsoft Windows NT Server 4.0 SP3
  • Microsoft Windows NT Server 4.0 SP4
  • Microsoft Windows NT Server 4.0 SP5
  • Microsoft Windows NT Server 4.0 SP6
  • Microsoft Windows NT Server 4.0 SP6a
  • Microsoft Windows NT Terminal Server 4.0
  • Microsoft Windows NT Terminal Server 4.0 alpha
  • Microsoft Windows NT Terminal Server 4.0 SP1
  • Microsoft Windows NT Terminal Server 4.0 SP2
  • Microsoft Windows NT Terminal Server 4.0 SP3
  • Microsoft Windows NT Terminal Server 4.0 SP4
  • Microsoft Windows NT Terminal Server 4.0 SP5
  • Microsoft Windows NT Terminal Server 4.0 SP6
  • Microsoft Windows NT Workstation 4.0
  • Microsoft Windows NT Workstation 4.0 SP1
  • Microsoft Windows NT Workstation 4.0 SP2
  • Microsoft Windows NT Workstation 4.0 SP3
  • Microsoft Windows NT Workstation 4.0 SP4
  • Microsoft Windows NT Workstation 4.0 SP5
  • Microsoft Windows NT Workstation 4.0 SP6
  • Microsoft Windows NT Workstation 4.0 SP6a

References

  • BugTraq: 1135
  • CVE: CVE-2000-0331

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out