Short Name |
HTTP:IRIX:CGI-BIN-REMOTE-EXEC |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
IRIX cgi-bin Handler Remote Execution |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against the handler CGI script in SGI IRIX. Attackers can send URL request containing maliciously crafted arguments, which can allow them to execute arbitrary commands with the same privileges as the Web server.
A vulnerability exists in the cgi-bin program 'handler', as included by Silicon Graphics in their Irix operating system. This vulnerability will allow a remote attacker to execute arbitrary commands on the vulnerable host as the user the web server is running as. This can easily result in a user being able to access the system.