RedHat Piranha Virtual Server Package passwd.php3 Arbitrary Command Execution Vulnerability

A vulnerability exists in the passwd.php3 cgi-bin script, as included by RedHat as part of the Piranha virtual server package, in RedHat Linux 6.2. Due to improper checking of input, it is possible for any user who can authenticate to the Piranha package to execute arbitrary commands, with the effective id of the web server. This may be used to leverage access to the machine, resulting in further compromise.


 

Privacy Statement
Copyright 2010, SecurityFocus