ASG-Sentry File Check Utility /snmx-cgi/fcheck.exe Arbitrary File Overwrite

Nessus Plugin ID 34397 (Severity: High)

Synopsis

A CGI script on the remote web server can be used to overwrite arbitrary files.

Description

The File Check Utility (fcheck.exe) included with the version of ASG-Sentry installed on the remote host fails to sanitize the request input that determines which directory it scans and where it writes its index of filenames and checksums. An unauthenticated remote attacker can leverage this issue to overwrite existing files, either with no data or with a list of filenames and checksums, or to consume CPU and disk resources by making the utility scan a large directory tree such as 'C:\'.

Note that there are reportedly several other issues affecting this version of ASG-Sentry, including buffer overflows, although Nessus has not checked for them.
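The sanitization the description says fcheck.exe lacks, shown as an added example that is neither ASG-Sentry code nor part of the Nessus plugin: a minimal Python model of a file-check CGI in its vulnerable form next to a hardened form. The handler names, the parameter names (a scan root and an index file name), the directory layout and the sample files are assumptions constructed for the illustration; nothing here is derived from the real fcheck.exe.

```python
"""Added example, not ASG-Sentry or Nessus code. Models a file-check CGI that
writes an index of filenames and checksums, first the way the advisory
describes (unsanitized root and output path), then hardened. Parameter names
and the demo layout are assumptions."""
import hashlib
import os
import tempfile


class BadRequest(ValueError):
    """Raised by the hardened handler when a request parameter is rejected."""


def checksum(path):
    """SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan(root):
    """Return [(relative_path, sha256), ...] for every file under root."""
    entries = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            entries.append((os.path.relpath(full, root), checksum(full)))
    return entries


def write_index_unsafe(root, index_path):
    """Vulnerable pattern: scan root and output path come verbatim from the
    request. The output file is truncated before the scan runs, so a bogus
    root still leaves an empty file behind, and index_path may point at any
    file the CGI's account is allowed to write."""
    with open(index_path, "w") as out:  # truncates the target first
        if os.path.isdir(root):
            for rel, digest in scan(root):
                out.write(f"{rel}\t{digest}\n")
    return index_path


def write_index_safe(allowed_roots, index_dir, root_name, index_name):
    """Hardened pattern: the scan root is selected by key from a fixed map
    (no arbitrary 'C:\\' scans), the index name must be a bare filename, and
    the index is written only under index_dir, after the scan completes."""
    if root_name not in allowed_roots:
        raise BadRequest(f"unknown scan root: {root_name!r}")
    if (not index_name or index_name in (".", "..")
            or os.path.basename(index_name) != index_name):
        raise BadRequest(f"bad index name: {index_name!r}")
    index_dir = os.path.realpath(index_dir)
    target = os.path.realpath(os.path.join(index_dir, index_name))
    # The resolved target must still live under index_dir; this also catches
    # a symlink planted inside index_dir that points elsewhere.
    if os.path.commonpath([index_dir, target]) != index_dir:
        raise BadRequest("index path escapes the index directory")
    entries = scan(allowed_roots[root_name])  # scan first, write last
    with open(target, "w") as out:
        for rel, digest in entries:
            out.write(f"{rel}\t{digest}\n")
    return target


def demo():
    """Build a constructed layout in a temp dir and exercise both handlers.
    Returns observations a reader (or a test) can check."""
    base = tempfile.mkdtemp(prefix="fcheck-demo-")
    root = os.path.join(base, "webroot")
    os.makedirs(os.path.join(root, "sub"))
    with open(os.path.join(root, "a.txt"), "w") as f:
        f.write("alpha\n")
    with open(os.path.join(root, "sub", "b.txt"), "w") as f:
        f.write("bravo\n")
    index_dir = os.path.join(base, "indexes")
    os.mkdir(index_dir)
    victim = os.path.join(base, "important.cfg")  # constructed target file
    with open(victim, "w") as f:
        f.write("keep me\n")

    results = {"rejected": 0, "accepted": 0}
    # 1. Unsafe handler with a bogus root aimed at the victim: file is wiped.
    write_index_unsafe(os.path.join(base, "does-not-exist"), victim)
    results["victim_size_after_unsafe"] = os.path.getsize(victim)

    # 2. Hardened handler refuses traversal names and unknown roots.
    allowed = {"webroot": root}
    for root_name, index_name in [("webroot", "../important.cfg"),
                                  ("webroot", ".."),
                                  ("C:\\", "idx.txt"),
                                  ("webroot", os.path.join("sub", "x.idx"))]:
        try:
            write_index_safe(allowed, index_dir, root_name, index_name)
            results["accepted"] += 1
        except BadRequest:
            results["rejected"] += 1

    # 3. A well-formed request lands under index_dir with one line per file.
    target = write_index_safe(allowed, index_dir, "webroot", "webroot.idx")
    with open(target) as f:
        rows = [line.split("\t") for line in f.read().splitlines()]
    results["index_in_dir"] = os.path.dirname(target) == os.path.realpath(index_dir)
    results["index_names"] = [rel.replace(os.sep, "/") for rel, _ in rows]
    results["index_digests"] = [digest for _, digest in rows]
    return results


if __name__ == "__main__":
    print(demo())
```

The hardened handler fixes the two behaviours the description attributes to fcheck.exe: the output location is confined to a fixed directory and cannot be an arbitrary existing file, and the scan root is chosen from a small allow-list rather than any path the client names, so a request cannot make the utility walk an entire drive.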

Solution

Unknown at this time.

See Also

http://aluigi.altervista.org/adv/asgulo-adv.txt

https://seclists.org/bugtraq/2008/Mar/128

Plugin Details

Severity: High

ID: 34397

File Name: asg_sentry_fcheck.nasl

Version: 1.13

Type: remote

Family: CGI abuses

Published: 10/14/2008

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2008-1322

BID: 28188

Secunia: 29289