Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE network
low complexity
metainfo
critical
nessus
exploit available
Published: 1999-01-01
Updated: 2008-09-09
Summary
MetaInfo MetaWeb web server allows users to upload, execute, and read scripts.
Vulnerable Configurations
| Part | Description | Count |
| Application | Metainfo | 1 |
Exploit-Db
| description | Metainfo Sendmail 2.0/2.5,MetaIP 3.1. CVE-1999-0268. Remote exploits for multiple platform |
| id | EDB-ID:19084 |
| last seen | 2016-02-02 |
| modified | 1998-06-30 |
| published | 1998-06-30 |
| reporter | Jeff Forristal |
| source | https://www.exploit-db.com/download/19084/ |
| title | Metainfo Sendmail 2.0/2.5 & MetaIP 3.1 |
Nessus
| NASL family | Web Servers |
| NASL id | METAINFO_MAIL.NASL |
| description | The remote MetaInfo web server (installed with MetaInfo |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 10141 |
| published | 1999-06-22 |
| reporter | This script is Copyright (C) 1999-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/10141 |
| title | MetaInfo Web Server Traversal Arbitrary Command Execution |
| code | #
# (C) Tenable Network Security, Inc.
#
# Script audit and contributions from Carmichael Security
# Erik Anderson <[email protected]> (nb: this domain no longer exists)
# Added BugtraqID
include("compat.inc");
if (description)
{
script_id(10141);
script_version("1.34");
script_cvs_date("Date: 2018/11/15 20:50:25");
script_cve_id("CVE-1999-0268");
script_bugtraq_id(110);
script_name(english:"MetaInfo Web Server Traversal Arbitrary Command Execution");
script_summary(english:"Read everything using '../' in the URL");
script_set_attribute(attribute:"synopsis", value:"The remote host has a command execution vulnerability.");
script_set_attribute(attribute:"description", value:
"The remote MetaInfo web server (installed with MetaInfo's Sendmail or
MetaIP servers) has an arbitrary command execution vulnerability. It
is possible to read files or execute arbitrary commands by prepending
the appropriate number of '../' to the desired filename. A remote
attacker could exploit this to execute arbitrary commands on the
system.");
script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/1998/Jun/235");
script_set_attribute(attribute:"solution", value:"Upgrade to the latest version of this software.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"1998/06/30");
script_set_attribute(attribute:"plugin_publication_date", value:"1999/06/22");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Web Servers");
script_copyright(english:"This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.");
script_dependencie("http_version.nasl");
script_require_keys("Settings/ParanoidReport");
script_require_ports(5000);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
if (report_paranoia < 2) audit(AUDIT_PARANOID);
port = 5000;
if(get_port_state(port))
{
res = http_send_recv3(method:"GET", item:"../smusers.txt", port:port, exit_on_fail: TRUE);
rep = res[0] + res[1] + res[2];
if(" 200 " >< rep)security_hole(port);
}
|