Sambar Server Batch File CGI Vulnerability

Vulnerability Details

Vulnerability Summary

The Sambar Server CGI directory contains the batch files ECHO.BAT and HELLO.BAT. A remote attacker can execute commands by means of shell metacharacters.

Vulnerability Advisory

Sambar Technologies has made available a version of Sambar Server that does not ship with any batch files. However, since batch-file execution is still supported, attackers can still compromise a computer if batch files are uploaded to the ‘cgi-bin’ directory by any means.
This version (4.3 Beta 8) without batch files may be downloaded from the location below:
http://www.sambar.com/beta.htm
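
Because batch-file execution stays enabled, one way to watch for abuse is to scan the web access log for requests that reach a batch file under cgi-bin and to separate out those carrying cmd.exe metacharacters. This is an added example, not code from Sambar or from this advisory. It assumes Common Log Format entries; the sample lines, addresses and search.pl are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Characters cmd.exe treats specially when it parses a command line.
CMD_METACHARS = set("&|<>^")
BATCH_SUFFIXES = (".bat", ".cmd")
# Request line inside a Common Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses, hypothetical search.pl).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /index.htm HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2000:10:00:05 +0000] "GET /cgi-bin/hello.bat HTTP/1.0" 200 64',
    '192.0.2.12 - - [01/Jan/2000:10:00:09 +0000] "GET /cgi-bin/ECHO.BAT?a%26b HTTP/1.0" 200 64',
    '192.0.2.13 - - [01/Jan/2000:10:00:12 +0000] "GET /cgi-bin/search.pl?q=a&b=c HTTP/1.0" 200 128',
]


def classify(line):
    """Return None, 'batch-cgi' or 'batch-cgi+metachar' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # Windows paths are case-insensitive and accept backslashes.
    path = unquote(parts.path).lower().replace("\\", "/")
    hits_batch = any(seg.endswith(BATCH_SUFFIXES) for seg in path.split("/"))
    if "/cgi-bin/" not in path or not hits_batch:
        return None
    # Decode once so percent-encoded metacharacters are seen as well.
    decoded = unquote(parts.path) + "?" + unquote(parts.query)
    if CMD_METACHARS & set(decoded):
        return "batch-cgi+metachar"
    return "batch-cgi"


def scan(lines):
    """Return (line_number, verdict) for every line that touches a batch CGI."""
    findings = []
    for number, line in enumerate(lines, start=1):
        verdict = classify(line)
        if verdict:
            findings.append((number, verdict))
    return findings


if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(number, verdict)
```

Any "batch-cgi" hit on the fixed version means a batch file has reached cgi-bin and should be investigated even without metacharacters in the request.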

References

Source: BID
Name: 1002
Link: http://www.securityfocus.com/bid/1002

Source: BUGTRAQ
Name: 20000223 Sambar Server alert!
Link: http://www.securityfocus.com/templates/archive.pike?list=1&msg=38B3E60A.6A84FEC3@cybcom.net

Source: www.sambar.com
Link: http://www.sambar.com/session/highlight?url=/syshelp/history.htm&words=security+&color=red
