Zeus Web server remote root compromise
| zeus-remote-root (3380) |  High Risk |
Description:
Zeus could allow an attacker to gain privileges. If the Web server is set up with a search engine, then a malicious remote user could request any file accessible to the UID that the server is running under. An attacker could request the file with the administrator password in it and access the Web server's user interface, which is run as root, giving them remote root access.
Consequences:
Gain Access
Remedy:
No remedy available as of July 9, 2011.
References:
- BugTraq Mailing List, Mon, 25 Oct 1999 07:58:21 -0500: RFP9905: Zeus webserver remote root compromise.
- Zeus Support Web site: WebServer exploit in 3.3.2.
- BID-742: Zeus Webserver Possible Remote root Compromise
- CVE-1999-0883: Zeus web server allows remote attackers to read arbitrary files by specifying the file name in an option to the search engine.
- OSVDB ID: 1126: Zeus Technologies Zeus Web Server Arbitrary File Retrieval
Platforms Affected:
- Zeus Zeus Web Server
Reported:
Oct 24, 1999
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net