mathTeX mathtex.cgi getdirective Function dpi Tag Arbitrary Code Execution

Severity: High | Nessus Plugin ID 49778

Synopsis

The remote web server contains a CGI script that allows execution of arbitrary commands.

Description

The remote web server hosts mathTeX, a CGI script for displaying math on the web.

The version of this application installed on the remote host fails to sanitize shell metacharacters from input supplied via the 'dpi' or 'density' tags of an expression. The 'getdirective' function passes that input, unsanitized, to a call to the Perl 'system()' function.

An unauthenticated, remote attacker can leverage this issue to execute arbitrary code on the remote host subject to the privileges under which the web server operates.

Solution

Upgrade to a version of mathTeX released on or after July 13th, 2009.

See Also

http://ocert.org/advisories/ocert-2009-010.html

https://seclists.org/bugtraq/2009/Jul/75

http://www.nessus.org/u?f7e19804

Plugin Details

Severity: High

ID: 49778

File Name: mathtex_dpi_exec.nasl

Version: 1.14

Type: remote

Family: CGI abuses

Published: 10/6/2010

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Patch Publication Date: 5/26/2009

Vulnerability Publication Date: 5/25/2009

Reference Information

CVE: CVE-2009-1383

BID: 43599

CWE: 78