CVE-2002-1361 - overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Hardening Patch) installed allows

CVE-2002-1361

Summary

overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Hardening Patch) installed allows remote attackers to execute arbitrary code via a POST request with shell metacharacters in the email parameter.

References

http://marc.info/?l=bugtraq&m=103912513522807&w=2
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/49377
http://www.cert.org/advisories/CA-2002-35.html
http://www.ciac.org/ciac/bulletins/n-025.shtml
http://www.kb.cert.org/vuls/id/810921
http://www.securityfocus.com/bid/6326
https://exchange.xforce.ibmcloud.com/vulnerabilities/10776

Vulnerable Configurations

cpe:2.3:h:sun:cobalt_raq_4:*:*:*:*:*:*:*:*
cpe:2.3:h:sun:cobalt_raq_4:*:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 10-10-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	6326
bugtraq	20021205 Cobalt RaQ4 Remote root exploit
cert	CA-2002-35
cert-vn	VU#810921
ciac	N-025
sunalert	49377
xf	cobalt-shp-overflow-privileges(10776)

Last major update

10-10-2017 - 01:30

Published

23-12-2002 - 05:00

Last modified

10-10-2017 - 01:30