Vulnerabilities > CVE-2001-1130 - Unspecified vulnerability in Suse Linux

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

suse

nessus

exploit available

NVD

Published: 2001-08-02

Updated: 2017-10-10

Summary

Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters, then causing the file to be searched using a .. in the HTTP referer (from the HTTP_REFERER variable) to point to the directory that contains the keylist.txt file.

Vulnerable Configurations

Part	Description	Count
OS	Suse Suse Suse Linux 6.0 Suse Suse Linux 6.3 Suse Suse Linux 6.4 Suse Suse Linux 7.0 Suse Suse Linux 7.1 Suse Suse Linux 7.2	6

Exploit-Db

description	SuSE 6.3/6.4/7.0 sdb Arbitrary Command Execution Vulnerability. CVE-2001-1130. Remote exploit for linux platform
id	EDB-ID:21075
last seen	2016-02-02
modified	2001-08-02
published	2001-08-02
reporter	Maurycy Prodeus
source	https://www.exploit-db.com/download/21075/
title	SuSE 6.3/6.4/7.0 sdb Arbitrary Command Execution Vulnerability

Nessus

NASL family	CGI abuses
NASL id	SDBSEARCH.NASL
description	SuSE CGI
last seen	2020-06-01
modified	2020-06-02
plugin id	10720
published	2001-08-13
reporter	This script is Copyright (C) 2001-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/10720
title	SuSE Support Data Base sbsearch.cgi Arbitrary Command Execution

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References