Remote code execution in Elttam GoAhead

Published: 2017-12-28 11:33:35
Severity High
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2017-17562
CVSSv3 9.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]
CWE ID CWE-20
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software GoAhead
Vulnerable software versions GoAhead -
Vendor URL Elttam

Security Advisory

1) Remote code execution

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an error in the cgiHandler function when CGI is enabled and a CGI program is dynamically linked. A remote attacker can make untrusted HTTP request parameters containing shared object payload in the cgiHandler function in cgi.c, allocate an array of pointers for the envp argument of the new process, initialize the environment of forked CGI scripts and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to version 3.6.5.

External links

https://www.elttam.com.au/blog/goahead/

Back to List