Press CTRL-D to bookmark us
Welcome Guest Login / Register / Members
Search in  
Top Submit newsSubscribe
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
 

 Sponsored links

Want to become one of our authors and see your work published on ALLSeek.iNFO ?
 
 MondoSearch 'MsmSetup.exe' Query String Flaw Lets Remote Users Execute Arbitrary Code
Categorie: Vulnerability
Posted: 2003-09-26 by ReCall
Views: 367
Source: Click here
 		Current Rating: Not rated
Poor Best
 Details
Description: A vulnerability was reported in MondoSearch. A remote user can execute arbitrary ASP code on the server.

PROTEGO issued a security advisory warning of a flaw in MsmSetup.exe, part of the default intallation. The advisory indicates that a remote user can exploit this flaw by sending a specially crafted query string to create files with user-supplied content on the web server with the privileges of the web server. A remote user can create an arbitrary file containing scripting code and then cause the target web server to execute the code with root level privileges.

The following notification timeline is provided:

Vendor contacted: 15-Sep-2003
Public release: 24-Sep-2003

Impact: A remote user can execute arbitrary code with the privileges of the web server process.

Solution: The vendor has issued a fix, available at:

http://www.mondosoft.com/security

A patch is available for versions 4.4, 5.0, and 5.1:

http://www.mondosoft.com/security/msp0903a.zip
 
Syndication
Permalink Email this

The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=472

User comments (post your comments here)

Only registerd members can post comments and articles
 
Previous articleBack to news listNext article
 


InterJOB.su
Bookmark us | Set As Homepage | Advertising | Contact Us | Recomend us | Link us | Links | Terms

SpyLOG Page Rank Checker
LAST QUERIES