| GEN:SID | 1:2200 |
| Message | WEB-CGI dnewsweb.cgi access |
| Summary | This event is generated when an attempt is made to access dnewsweb.cgi on an internal web server. This may indicate an attempt to exploit a buffer overflow vulnerability in NetWin DNews News Server 5.3.
|
| Impact | Remote execution of arbitrary code, possibly leading to remote root compromise.
|
| Detailed Information | NetWin DNews News is a web-based application that manages remote access to Internet newsgroups. When overly long arguments are used as arguments to some dnewsweb.cgi parameters (including but not limited to "group," "cmd," and "utag"), a buffer overflow condition may occur. This can lead to the remote execution of arbitrary code with the security context of DNews.
|
| Affected Systems | Any operating system running NetWin DNews News Server 5.3 or lower.
|
| Attack Scenarios | An attacker transmits an overly long, specially crafted URL to the vulnerable DNews server, causing a buffer overflow condition. The attacker is then able to execute arbitrary code on the server with the security context of DNews.
|
| Ease of Attack | Simple. An exploit exists.
|
| Corrective Action | Upgrade to DNews News Server 5.4 or higher.
|
| Additional References | Bugtraq http://www.securityfocus.com/bid/1172
|
| Rule References | bugtraq: 1172
bugtraq: 4579
cve: 2000-0423
nessus: 11748
|