• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Avenger's News System Remote Command Execution Vulnerability

Avenger's News System (ANS) is a simple form-based web site management tool written in Perl. It will run on most Unix and Linux variants.

ANS does not filter shell metacharacters from web requests, making it prone to remote command execution attacks. As a result, a remote attacker may execute commands on the underlying shell of the host running the vulnerable software. Commands will be executed with the privileges of the webserver process.

Successful exploitation of this vulnerability may allow a remote attacker to gain local access to the host running the vulnerable software.