Linux Directory Penguin NSLookup Perl Script Arbitrary File Reading Vulnerability

Penguin is a freely available, open source script for tracing network hops from a web server. It is distributed by Linux Directory.

The Penguin nslookup script does not adequately filter special characters. This makes it possible for a remote user to access specific files on the local system. The attacker may read files that are accessible by the web server. Additionally, the attacker may be able to execute arbitrary commands with the permissions of the web server by encapsulating commands in special characters.
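One way to close this class of flaw, as an added example that is not Penguin's own code: the advisory does not show how the script handles its input, so this sketch assumes a CGI handler that passes a single host value to `nslookup`. The names `valid_host` and `lookup` are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Accept only a DNS hostname or dotted IPv4 address: labels of letters,
# digits and hyphens, 1-63 characters each, starting and ending with a
# letter or digit, at most 253 characters in total. Anything else,
# including whitespace and every shell metacharacter, is rejected
# rather than escaped.
sub valid_host {
    my ($host) = @_;
    return 0 unless defined $host && length($host) >= 1 && length($host) <= 253;
    my $label = qr/[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?/;
    # \z (not $) so a trailing newline cannot slip through.
    return $host =~ /\A$label(?:\.$label)*\z/ ? 1 : 0;
}

# Run nslookup with an argument list. The list form of pipe open calls
# exec() directly, so no shell ever parses the hostname.
# (Assumed handler shape; not called below so the demo runs offline.)
sub lookup {
    my ($host) = @_;
    die "rejected host parameter\n" unless valid_host($host);
    open(my $fh, '-|', 'nslookup', $host) or die "cannot run nslookup: $!\n";
    local $/;                 # slurp the whole output
    my $out = <$fh>;
    close($fh);
    return $out;
}

# Constructed inputs: one legitimate name, then values carrying the kinds
# of special characters the advisory says are not filtered.
my @samples = (
    'www.example.com',
    '192.0.2.10',
    'example.com;x',
    '`x`.example.com',
    'example.com|x',
    "example.com\nserver 192.0.2.1",
    '-debug',
);
for my $s (@samples) {
    (my $shown = $s) =~ s/\n/\\n/g;
    printf "%-32s %s\n", $shown, valid_host($s) ? 'accepted' : 'rejected';
}
```

Only the first two samples are accepted. The leading-hyphen case is rejected because `nslookup` would otherwise treat the value as an option rather than a hostname.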


Copyright 2010, SecurityFocus