Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2001-1130
Last Modified: 05 Sep 2008 04:25:45
Published: 02 Aug 2001 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2001-1130

Summary

sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters, then causing that file to be searched by using a ".." in the HTTP Referer header (read from the HTTP_REFERER variable) to point to the directory that contains the keylist.txt file.

Vulnerable Systems

Operating System

  • SuSE Linux 6.0
  • SuSE Linux 6.3
  • SuSE Linux 6.4
  • SuSE Linux 7.0
  • SuSE Linux 7.1
  • SuSE Linux 7.2

References

XF - sdbsearch-cgi-command-execution(7003)

BUGTRAQ - 20010802 suse: sdbsearch.cgi vulnerability

SUSE - SuSE-SA:2001:027


Last Updated: 27 May 2016 10:36:32