HTTP: CHETCPASSWD Information Disclosure
This signature detects attempts to exploit a known vulnerability in the chetcpasswd.cgi. A successful attack can lead to a buffer overflow and display the contents of the system /etc/shadow file.
Extended Description
CHETCPASSWD is prone to a vulnerability that may potentially cause the tail end of the local shadow file to be disclosed to a remote attacker. It is possible to exploit this issue by sending an overly long string as a value for the 'user' URI parameter in a request to the 'chetcpasswd.cgi'.
Affected Products
Chetcpasswd chetcpasswd
Short Name
HTTP:CGI:CHETCPASSWD-OF
Severity
Minor
Recommended
False
Recommended Action
Drop Packet
Category
HTTP
Keywords
CHETCPASSWD Disclosure Information bid:6472
Release Date
01/15/2007
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3586
False Positive
Unknown
Vendors
Chetcpasswd