Title: NetCode NC Book Book.CGI Arbitrary Command Execution Vulnerability
Severity: HIGH
Description:
NetCode NC Book is a guestbook for websites distributed by NetCode.
A problem with the guestbook package can allow remote users to execute arbitrary commands. The problem is in the handling of URLs.
The package does not properly handle special characters when passed in an HTTP request. By creating a custom-crafted request encapsulated in pipes (||), it is possible to pass commands to the script that when interpretted will be executed on the local system.
Upon receiving a request such as:
http://target/cgi-bin/ncbook/book.cgi?action=default&current=|ls -la/|&form_tid=996604045&prev=main.html&list_message_index=10
the web server will pass the request to the NC Book package, executing a ls -la of the root directory (as seen between the pipes in the string).
This allows a remote user to place requests to the web server that will give them access to the local system with the permissions of the HTTPd process. This could result in further compromise, and potentially elevated local privileges.
Affected Products:
- NetCode NC Book 0.2.0 b
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
