Mini SQL CGI content-length Field Remote Overflow

Critical (Nessus Plugin ID 10296)

Synopsis

The remote CGI script is vulnerable to a buffer overflow.

Description

The mini-sql program ships with the w3-msql CGI, which is vulnerable to a buffer overflow in its handling of the content-length field.

An attacker may exploit this flaw to gain a shell on this system.

Solution

Contact the vendor for a patch or remove the CGI.
A patch was also provided with the original disclosure notice.

See Also

https://seclists.org/bugtraq/1999/Dec/328

Plugin Details

Severity: Critical

ID: 10296

File Name: w3msql_overflow.nasl

Version: 1.39

Type: remote

Family: CGI abuses

Published: 1/3/2000

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 12/27/1999

Reference Information

CVE: CVE-2000-0012

BID: 898