BID:1817

BNB Survey.cgi Metacharacter Vulnerability

Info

BNB Survey.cgi Metacharacter Vulnerability

Bugtraq ID:	1817
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 03 1998 12:00AM
Updated:	Dec 03 1998 12:00AM
Credit:	According to the CVE database, this vulnerability was originally disclosed in an EL8 advisory dating from late 1998; unfortunately this advisory could not be located.
Vulnerable:	Big Nose Bird BNBSurvey 1.0 - Larry Wall Perl 5.6 - Larry Wall Perl 5.0 05_003 - Larry Wall Perl 5.0 05 - Larry Wall Perl 5.0 04_05 - Larry Wall Perl 5.0 04 - Larry Wall Perl 5.0 03

Not Vulnerable:	Big Nose Bird BNBSurvey 3.0 - Larry Wall Perl 5.6 - Larry Wall Perl 5.0 05_003 - Larry Wall Perl 5.0 05 - Larry Wall Perl 5.0 04_05 - Larry Wall Perl 5.0 04 - Larry Wall Perl 5.0 03

Discussion

BNB Survey.cgi Metacharacter Vulnerability

Big Nose Bird provides a free script, Survey.cgi, which provides a simple "Web Survey" function. This script does poor input checking, inappropriately allowing shell metacharacters (such as the pipe "|" character, input and output characters ">" and "<", etc) in user supplied data. This could lead to an elevation of user privileges by allowing an attacker to execute shell commands with the privileges of the web server.

Exploit / POC

BNB Survey.cgi Metacharacter Vulnerability

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Solution / Fix

BNB Survey.cgi Metacharacter Vulnerability

Solution:
BNB has addressed this issue in Survey.cgi version 3.0:

Big Nose Bird BNBSurvey 1.0

Big Nose Bird BNBSurvey
ftp://ftp.bignosebird.com/survey.zip

References

BNB Survey.cgi Metacharacter Vulnerability

References: