MetaInfo Web Server Traversal Arbitrary Command Execution

Critical Nessus Plugin ID 10141


The remote host has a command execution vulnerability.


The remote MetaInfo web server (installed with MetaInfo's Sendmail or MetaIP servers) has an arbitrary command execution vulnerability. It is possible to read files or execute arbitrary commands by prepending the appropriate number of '../' to the desired filename. A remote attacker could exploit this to execute arbitrary commands on the system.


Upgrade to the latest version of this software.

Plugin Details

Severity: Critical

ID: 10141

File Name: metainfo_mail.nasl

Version: $Revision: 1.32 $

Type: remote

Family: Web Servers

Published: 1999/06/22

Modified: 2016/10/27

Dependencies: 10107

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 9.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1998/06/30

Reference Information

CVE: CVE-1999-0268

BID: 110

OSVDB: 110, 3969