Signature Detail
Short Name |
HTTP:PHP:REDHAT-PIRANHA-PASSWD |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
RedHat 6.2 Piranha passwd.php3 |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: RedHat 6.2 Piranha passwd.php3
This signature detects attempts to exploit the vulnerable passwd.php3 cgi-bin script in the Piranha virtual server package (RedHat Linux 6.2). Because the script does not validate input properly, attackers can authenticate to the Piranha package with the effective ID of the Web server and execute arbitrary commands.
Extended Description
A vulnerability exists in the passwd.php3 cgi-bin script, as included by RedHat as part of the Piranha virtual server package, in RedHat Linux 6.2. Due to improper checking of input, it is possible for any user who can authenticate to the Piranha package to execute arbitrary commands, with the effective id of the web server. This may be used to leverage access to the machine, resulting in further compromise.
Affected Products
- Red Hat Linux 6.2.0 Alpha
- Red Hat Linux 6.2.0 I386
- Red Hat Linux 6.2.0 Sparc
- Red Hat piranha-gui-0.4.12-1.i386.rpm
References