Trend Micro InterScan VirusWall catinfo CGI Overflow

critical Nessus Plugin ID 10650

Synopsis

The remote host has an application that is affected by a buffer overflow vulnerability.

Description

The remote CGI /catinfo seems to be vulnerable to a buffer overflow when it receives an overly long input string, allowing any user to execute arbitrary commands as root.

This CGI usually comes with the VirusWall suite.

Solution

If you are using VirusWall, upgrade to version 3.6; otherwise you *may* ignore this warning.

See Also

http://www.nessus.org/u?9986ffc0

Plugin Details

Severity: Critical

ID: 10650

File Name: vw_bof.nasl

Version: 1.35

Type: remote

Family: CGI abuses

Published: 4/16/2001

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport, www/cern

Exploit Ease: No exploit is required

Vulnerability Publication Date: 4/13/2001

Reference Information

CVE: CVE-2001-0432

BID: 2579