From researchteam5@esecurityonline.com Fri May 3 03:37:30 2002 From: researchteam5@esecurityonline.com To: vulnwatch@vulnwatch.org, bugtraq@securityfocus.com Cc: ken.williams@ey.com Date: Mon, 29 Apr 2002 14:59:27 -0500 Subject: eSecurityOnline Security Advisory 2408 - CIDER SHADOW CGI eSO Security Advisory: 2408 Discovery Date: April 3, 2000 ID: eSO:2408 Title: CIDER SHADOW CGI arbitrary command execution vulnerabilities Impact: Remote attackers can execute commands with the privileges of the running web server process Affected Technology: CIDER SHADOW 1.5, 1.6 Vendor Status: Vendor informed Discovered By: Kevin Kotas of the eSecurityOnline Research and Development Team CVE Reference: CAN-2002-0091 Advisory Location: http://www.eSecurityOnline.com/advisories/eSO2408.asp Description: The CIDER Project's SHADOW intrusion detection utility is vulnerable to CGI implementation flaws that allow a remote attacker to run arbitrary commands on the analyzer. The problem occurs due to insufficient character verification of sent variables. For multiple CGI scripts, an attacker can send a specially crafted URL and execute commands with the privileges of the running server. Technical Recommendation: By design, the analyzer web interface should only be reachable through an internal network and with password authentication. Since the possibility remains that an attacker can reach the analyzer, disable network access to the web interface and only view the web pages locally. Copyright 2002 eSecurityOnline LLC. All rights reserved. THE INFORMATION IN THIS VULNERABILITY ALERT IS PROVIDED BY ESECURITYONLINE LLC "AS IS", "WHERE IS", WITH NO WARRANTY OF ANY KIND, AND ESECURITYONLINE LLC HEREBY DISCLAIMS THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. ESECURITYONLINE LLC SHALL HAVE NO LIABILITY FOR ANY DAMAGE, CLAIM OR LOSS RESULTING FROM YOUR USE OF THE INFORMATION CONTAINED IN THIS VULNERABILITY ALERT.