Detections
Analytics
PGPMail.pl detection
high Nessus Plugin ID 11070
Synopsis
Arbitrary commands might be run on the remote host.Description
The 'PGPMail.pl' CGI is installed.Some versions (up to v1.31 a least) of this CGI do not properly filter user input before using it inside commands. This would allow an attacker to run any command on the server.
Note: Nessus just checked the presence of this CGI but did not try to exploit the flaws.
Solution
remove it from /cgi-bin or upgrade it.See Also
http://web.archive.org/web/20080520111154/http://online.securityfocus.com/archive/82/243262
http://web.archive.org/web/20080521161800/http://online.securityfocus.com/archive/1/243408
Plugin Details
Severity: High
ID: 11070
File Name: pgpmail.nasl
Version: 1.23
Type: remote
Family: CGI abuses
Published: 8/13/2002
Updated: 1/19/2021
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.8
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
Required KB Items: Settings/ParanoidReport
Exploit Ease: No exploit is required
Vulnerability Publication Date: 11/29/2001
Reference Information
CVE: CVE-2001-0937
BID: 3605