Vulnerabilities > CVE-2000-0322 - Unspecified vulnerability in Redhat Linux 6.2
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 3 |
Exploit-Db
| description | RedHat Piranha Virtual Server Package passwd.php3 Arbitrary Command Execution. CVE-2000-0248,CVE-2000-0322. Webapps exploit for php platform |
| id | EDB-ID:16858 |
| last seen | 2016-02-02 |
| modified | 2010-10-18 |
| published | 2010-10-18 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/16858/ |
| title | RedHat Piranha Virtual Server Package passwd.php3 - Arbitrary Command Execution |
Metasploit
| description | This module abuses two flaws - a metacharacter injection vulnerability in the HTTP management server of RedHat 6.2 systems running the Piranha LVS cluster service and GUI (rpm packages: piranha and piranha-gui). The vulnerability allows an authenticated attacker to execute arbitrary commands as the Apache user account (nobody) within the /piranha/secure/passwd.php3 script. The package installs with a default user and password of piranha:q which was exploited in the wild. |
| id | MSF:EXPLOIT/LINUX/HTTP/PIRANHA_PASSWD_EXEC |
| last seen | 2020-01-10 |
| modified | 2017-11-08 |
| published | 2010-02-14 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/http/piranha_passwd_exec.rb |
| title | RedHat Piranha Virtual Server Package passwd.php3 Arbitrary Command Execution |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/86303/piranha_passwd_exec.rb.txt |
| id | PACKETSTORM:86303 |
| last seen | 2016-12-05 |
| published | 2010-02-15 |
| reporter | patrick |
| source | https://packetstormsecurity.com/files/86303/RedHat-Piranha-Virtual-Server-Package-passwd.php3-Arbitrary-Command-Execution.html |
| title | RedHat Piranha Virtual Server Package passwd.php3 Arbitrary Command Execution |
Redhat
| advisories |
|