MetaInfo Web Server Traversal Arbitrary Command Execution

This script is Copyright (C) 1999-2014 Tenable Network Security, Inc.


Synopsis :

The remote host has a command execution vulnerability.

Description :

The remote MetaInfo web server (installed with MetaInfo's Sendmail or
MetaIP servers) has an arbitrary command execution vulnerability. It
is possible to read files or execute arbitrary commands by prepending
the appropriate number of '../' to the desired filename. A remote
attacker could exploit this to execute arbitrary commands on the
system.

See also :

http://archives.neohapsis.com/archives/bugtraq/1998_2/0687.html

Solution :

Upgrade to the latest version of this software.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.5
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 10141

Bugtraq ID: 110

CVE ID: CVE-1999-0268