HTTP: IRIX InfoSearch fname Remote Execution

This signature detects attempts to exploit a known vulnerability in the infosrch.cgi script. Attackers can execute commands on the Web server.

Extended Description

The InfoSearch package converts man pages and other documentation into HTML web content. The search form uses infosrch.cgi which does not properly parse user input in the 'fname' variable, allowing commands to be executed at the webserver privilege level by remote web users.

Affected Products

Sgi irix

References

BugTraq: 1031

CVE: CVE-2000-0207

Short Name
HTTP:CGI:INFOSRCH-REMOTE-EXEC
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2000-0207 Execution IRIX InfoSearch Remote bid:1031 fname
Release Date
04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Sgi

CVSS Score

7.5

Found a potential security threat?