Intrusion Prevention

BNB.Survey.CGI.Remote.Command.Execution

Description

It indicate a possible exploit of a Remote Command Execution vulnerability in Big Nose Bird.


Big Nose Bird provides a script, Survey.cgi, which provides a Web Survey function that does not sufficiently validate user supplied data and allows meta-characters. An attacker can exploit this vulnerability and execute shell commands with the privileges of the web server.

Affected Products

Big Nose Bird BNBSurvey 1.0

Impact

Execution of arbitrary shell commands. Potential System compromise.

Recommended Actions

Apply appropriate patch from the vendor or Upgrade to non-vulnerable version if available.

CVE References

CVE-1999-0936