Remote code execution in GoAhead - CVE-2017-17562
Published: December 28, 2017 / Updated: February 23, 2023
Vulnerability identifier: #VU9817
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2017-17562
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: Elttam
Affected software:
GoAhead
GoAhead
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to an error in the cgiHandler function when CGI is enabled and a CGI program is dynamically linked. A remote attacker can make untrusted HTTP request parameters containing shared object payload in the cgiHandler function in cgi.c, allocate an array of pointers for the envp argument of the new process, initialize the environment of forked CGI scripts and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to an error in the cgiHandler function when CGI is enabled and a CGI program is dynamically linked. A remote attacker can make untrusted HTTP request parameters containing shared object payload in the cgiHandler function in cgi.c, allocate an array of pointers for the envp argument of the new process, initialize the environment of forked CGI scripts and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2017-17562
Update to version 3.6.5.