eSecurityOnline Security Advisory 2408 - CIDER SHADOW CGI

[researchteam5 () esecurityonline com]

eSO Security Advisory:  2408  
Discovery Date:         April 3, 2000 
ID:                     eSO:2408
Title:                  CIDER SHADOW CGI arbitrary command execution
                        vulnerabilities 
Impact:                 Remote attackers can execute commands with the
                        privileges of the running web server process
Affected Technology:    CIDER SHADOW 1.5, 1.6 
Vendor Status:          Vendor informed
Discovered By:          Kevin Kotas of the eSecurityOnline Research
                        and Development Team 
CVE Reference:          CAN-2002-0091 

Advisory Location:
http://www.eSecurityOnline.com/advisories/eSO2408.asp 

Description:
The CIDER Project's SHADOW intrusion detection utility is vulnerable to
CGI implementation flaws that allow a remote attacker to run arbitrary
commands on the analyzer. The problem occurs due to insufficient
character verification of sent variables. For multiple CGI scripts, an
attacker can send a specially crafted URL and execute commands with
the privileges of the running server.  

Technical Recommendation:
By design, the analyzer web interface should only be reachable through
an internal network and with password authentication. Since the
possibility remains that an attacker can reach the analyzer, disable
network access to the web interface and only view the web pages
locally.  

Copyright 2002 eSecurityOnline LLC.  All rights reserved.  

THE INFORMATION IN THIS VULNERABILITY ALERT IS PROVIDED BY 
ESECURITYONLINE LLC "AS IS", "WHERE IS", WITH NO WARRANTY OF ANY KIND,
AND ESECURITYONLINE LLC HEREBY DISCLAIMS THE IMPLIED WARRANTIES OF 
NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.  ESECURITYONLINE LLC SHALL HAVE NO LIABILITY FOR ANY DAMAGE,
CLAIM OR LOSS RESULTING FROM YOUR USE OF THE INFORMATION CONTAINED IN
THIS VULNERABILITY ALERT.