BSCW Remote Command Execution Vulnerability

BSCW (Basic Support for Cooperative Work) is a web-based groupware application, allowing users to share a workspace via a web interface. It runs on Microsoft Windows NT/2000 systems, as well as a number of Linux and Unix variants.

BSCW provides functionality for calling external programs to perform conversions from one file format to another file format, such as from GIF to JPEG.

However, BSCW does not filter some shell metacharacters(such as '&',';', and '^') from requests to external file conversion programs. This makes it possible for an attacker to execute arbitrary commands on the host, with the privileges of the user running BSCW. This may allow the attacker to gain local, interactive access to the host.


Privacy Statement
Copyright 2010, SecurityFocus