APP: Netscape Fastrack scohelp Buffer Overflow

This signature detects attempts to exploit a known vulnerability against SCO Unixware's Netscape Fasttrack scohelp httpd service. An attacker can supply an overly long URL to potentially gain command-line access as the user running the service, to the victim host. A successful attack can cause a buffer overflow condition. This is known to affect scohelp 2.01a running on SCO Unixware 7.1.

Extended Description

SCO Unixware 7 default installation includes scohelp, an http server that listens on port 457/tcp and allows access to manual pages and other documentation files. The search CGI script provided for that purpose has a vulnerability that could allow any remote attacker to execute arbitrary code on the vulnerable machine with privileges of user "nobody". This poses a threat that could result in the remote compromise of the vulnerable host and provide a staging point from where an attacker could escalate privileges.

Affected Products

Sco unixware

References

BugTraq: 1717

CVE: CVE-2000-1014

URL: http://www.pestpatrol.com/pestinfo/u/unixware_scohelp_http_server_format_string_vulnerability.asp http://www2.corest.com/common/showdoc.php?idx=126&idxseccion=10 http://www.securiteam.com/unixfocus/6Q00S0K06U.html

Short Name

APP:SCOHELP-OF1

Severity

Major

Recommended

False

Recommended Action

Drop

APP: Netscape Fastrack scohelp Buffer Overflow

Extended Description

Affected Products

References

Found a potential security threat?