HTTP: RedHat 6.2 Piranha passwd.php3

This signature detects attempts to exploit the vulnerable passwd.php3 cgi-bin script in the Piranha virtual server package (RedHat Linux 6.2). Because the script does not validate input properly, any user who can authenticate to the Piranha package can execute arbitrary commands with the effective ID of the Web server.

Extended Description

A vulnerability exists in the passwd.php3 cgi-bin script that RedHat ships as part of the Piranha virtual server package in RedHat Linux 6.2. Because input is not checked properly, any user who can authenticate to the Piranha package can execute arbitrary commands with the effective ID of the web server. This access may be leveraged to further compromise the machine.

Affected Products

Red_hat piranha-gui-0.4.12-1.i386.rpm

Short Name
HTTP:PHP:REDHAT-PIRANHA-PASSWD
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
6.2 CVE-2000-0248 CVE-2000-0322 Piranha RedHat bid:1148 bid:1149 passwd.php3
Release Date
04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Red_hat

CVSS Score

10.0
