[Snort-sigs] rule documentation for WEB-CGI mrtg.cgi directory traversal attempt

Josh.Sakofsky at ...1573...
Wed Jun 11 12:39:02 EDT 2003


Rule: WEB-CGI mrtg.cgi directory traversal attempt

--
Sid: 1862

--
Summary: A remote user has tried to exploit a flaw on a server running 
mrtg.

--
Impact: Medium

--
Detailed Information: MRTG is a graphing program, typically used for 
displaying statistics about network devices such as 
routers and switches. The mrtg.cgi script is vulnerable to an attack that 
can display the first line of any file on the system.
By crafting a URL like so 
"http://target/mrtg.cgi?cfg=/../../../../../../../../../../path/to/file", 
a user is able to view the specified file.

--
Affected Systems: Hosts running MRTG

--
Attack Scenarios: An attacker can use the mrtg.cgi program to view the 
first line of any file.

--
Ease of Attack: Trivial

--
False Positives: None Known

--
False Negatives: None Known

--
Corrective Action: Disallow access to the mrtg.cgi program.

--
Contributors: Original rule writer unknown.
              Josh Sakofsky
-- 
Additional References: http://cgi.nessus.org/plugins/dump.php3?id=11001
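
The check described above can also be run over web server access logs. The following is an added example, not part of the original post and not the Snort rule itself: it flags requests to mrtg.cgi whose cfg parameter contains a ".." path segment, after normalising percent-encoding. The function names, the log format (common/combined) and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so nested encodings of '../' are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_mrtg_traversal(uri):
    """True when the URI calls mrtg.cgi with a cfg value holding a '..' segment."""
    parts = urlsplit(uri)
    if "/mrtg.cgi" not in decode_fully(parts.path).lower():
        return False
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() != "cfg":
            continue
        # parse_qsl decoded once; decode again, then split on either slash.
        if ".." in re.split(r"[\\/]", decode_fully(value)):
            return True
    return False

def scan(lines):
    """Return the request URIs in the log lines that match the check."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and is_mrtg_traversal(m.group(1)):
            hits.append(m.group(1))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Jun/2003:12:00:01 -0400] "GET /cgi-bin/mrtg.cgi?cfg=/../../../../../../../../../../path/to/file HTTP/1.0" 200 120',
    '192.0.2.10 - - [11/Jun/2003:12:00:02 -0400] "GET /cgi-bin/mrtg.cgi?cfg=%2f%2e%2e%2f%2e%2e%2fpath%2fto%2ffile HTTP/1.0" 200 120',
    '192.0.2.10 - - [11/Jun/2003:12:00:03 -0400] "GET /cgi-bin/mrtg.cgi?cfg=%252e%252e%252fpath%252fto%252ffile HTTP/1.0" 200 120',
    '192.0.2.20 - - [11/Jun/2003:12:00:04 -0400] "GET /cgi-bin/mrtg.cgi?cfg=router1.cfg HTTP/1.0" 200 5120',
    '192.0.2.20 - - [11/Jun/2003:12:00:05 -0400] "GET /index.html?cfg=/../x HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for uri in scan(SAMPLE_LOG):
        print("ALERT", uri)
```

Only the first three sample lines are reported; the ordinary cfg=router1.cfg request and the request to a different script are not.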