Vulnerabilities > CVE-1999-0039 - Unspecified vulnerability in SGI Irix

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

sgi

nessus

exploit available

NVD

Published: 1997-05-06

Updated: 2018-05-03

Summary

webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter.

Vulnerable Configurations

Part	Description	Count
OS	Sgi SGI Irix 5.0 SGI Irix 5.1 SGI Irix 5.2 SGI Irix 5.3 SGI Irix 6.1 SGI Irix 6.2 SGI Irix 6.3	7

Exploit-Db

description	SGI IRIX 6.3 cgi-bin webdist.cgi Vulnerabilty. CVE-1999-0039. Remote exploits for multiple platform
id	EDB-ID:19299
last seen	2016-02-02
modified	1997-05-06
published	1997-05-06
reporter	anonymous
source	https://www.exploit-db.com/download/19299/
title	SGI IRIX <= 6.3 cgi-bin webdist.cgi Vulnerabilty

Nessus

NASL family	CGI abuses
NASL id	WEBDIST.NASL
description	The
last seen	2020-06-01
modified	2020-06-02
plugin id	10299
published	1999-06-22
reporter	This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/10299
title	IRIX webdist.cgi Arbitrary Command Execution
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(10299); script_version("1.50"); script_cvs_date("Date: 2018/11/15 20:50:19"); script_cve_id("CVE-1999-0039"); script_bugtraq_id(374); script_xref(name:"CERT-CC", value:"CA-1997-12"); script_name(english:"IRIX webdist.cgi Arbitrary Command Execution"); script_summary(english:"Checks for the presence of webdist.cgi"); script_set_attribute(attribute:"synopsis", value: "The remote web server contains a CGI script that is prone to arbitrary code execution."); script_set_attribute(attribute:"description", value: "The 'webdist.cgi' CGI is installed. This script has a well-known security flaw that lets anyone execute arbitrary commands with the privileges of the web server user id."); script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/1997/May/18"); script_set_attribute(attribute:"solution", value:"Remove this CGI."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"1997/05/06"); script_set_attribute(attribute:"plugin_publication_date", value:"1999/06/22"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_category(ACT_ATTACK); script_copyright(english:"This script is Copyright (C) 1999-2018 Tenable Network Security, Inc."); script_family(english:"CGI abuses"); script_dependencie("http_version.nasl", "find_service1.nasl", "no404.nasl"); script_require_ports("Services/www", 80); script_exclude_keys("Settings/disable_cgi_scanning"); exit(0); } # # The script code starts here # include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:80); http_check_remote_code( extra_dirs:"", check_request:"/webdist.cgi?distloc=;id", check_result:"uid=[0-9]+.gid=[0-9]+.", command:"id", port:port );

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References