SCAN: Snork Access
This signature detects attempts to execute snork, a program with known vulnerabilities.
Extended Description
Oracle Web Listener for NT makes use of various batch files as cgi scripts, which are stored in the /ows-bin/ directory by default. Any of these batch files can be used to run arbitrary commands on the server, simply by appending '?&' and a command to the filename. The command will be run at the SYSTEM level. The name of a batch file is not even neccessary, as it will translate the '*' character and apply the appended string to every batch file in the directory. Moreover, UNC paths can be used to cause the server to download and execute remote code.
Affected Products
Oracle web_listener
Short Name
SCAN:MISC:HTTP:SNORK-ACCESS
Severity
Info
Recommended
False
Recommended Action
None
Category
SCAN
Keywords
Access CVE-2000-0169 Snork bid:1053
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Rarely
Vendors
Oracle
CVSS Score
7.5