Chili!Soft ASP GID Root Script Execution Vulnerability
BID:2376
Info
Chili!Soft ASP GID Root Script Execution Vulnerability
| Bugtraq ID: | 2376 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 06 2001 12:00AM |
| Updated: | Feb 06 2001 12:00AM |
| Credit: | Reported to bugtraq by Mark Krenz <[email protected]> on Tue, 6 Feb 2001. |
| Vulnerable: |
Chilisoft ChiliSoft ASP for Linux 3.5 Chilisoft ChiliSoft ASP for Linux 3.0 |
| Not Vulnerable: | |
Discussion
Chili!Soft ASP GID Root Script Execution Vulnerability
CASP's 'inherited' security mode normally causes the service to run with group and user ids specified in the webserver's virtual host configuration files.
This is not done in vulnerable versions. Instead, scripts run with groupid root. This may allow a local malicious script to be remotely executed, possibly executing arbitrary commands with elevated privilege.
CASP's 'inherited' security mode normally causes the service to run with group and user ids specified in the webserver's virtual host configuration files.
This is not done in vulnerable versions. Instead, scripts run with groupid root. This may allow a local malicious script to be remotely executed, possibly executing arbitrary commands with elevated privilege.
Exploit / POC
Chili!Soft ASP GID Root Script Execution Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Chili!Soft ASP GID Root Script Execution Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Chili!Soft ASP GID Root Script Execution Vulnerability
References:
References: