mnoGoSearch SQL-based Search Engine Software Has Heap Overflow That Lets Remote Users Execute Arbitrary Code with the Privileges of the Web Server
SecurityTracker Alert ID: 1004282
SecurityTracker URL: http://securitytracker.com/id/1004282
Updated: Jul 28 2003
Original Entry Date: May 11 2002
Execution of arbitrary code via network, User access via network
Vendor Confirmed: Yes
Exploit Included: Yes
Version(s): 3.1.19 and prior
A vulnerability was reported in the mnoGoSearch engine. A remote user could execute arbitrary code on the system.
qitest1 issued a security advisory warning of a heap overflow in the mnoGoSearch SQL-based web search engine. A remote user can create a URL query string with a long query value for 'q' to trigger the vulnerability and cause arbitrary code to be executed. The format for the query is:
The code would be executed with the privileges of the web server.
A remote user can execute arbitrary code on the system with the privileges of the web server.
According to the report, the authors of the code have indicated that the vulnerability has been fixed in the cvs version. However, the stable version that is recommended on the vendor web site is reported to still be vulnerable.
Vendor URL: www.mnogosearch.org/
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
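The patch attached to the advisory is not reproduced on this page. As an added example (not mnoGoSearch code and not the qitest1 patch), the C below shows the class of check that prevents an overlong 'q' value from reaching an undersized heap buffer in a CGI program: measure the value, reject it above a cap, and size the allocation from the measured length. The names `find_param` and `get_param_bounded` and the cap `MAX_Q_LEN` of 256 are assumptions made for this example.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_Q_LEN 256   /* assumed cap; not a value taken from mnoGoSearch */

/* Find "name=" at the start of the query string or right after an '&'.
 * Returns a pointer to the first byte of the value, or NULL if absent. */
static const char *find_param(const char *qs, const char *name)
{
    size_t nlen = strlen(name);
    const char *p = qs;

    while (p != NULL && *p != '\0') {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=')
            return p + nlen + 1;
        p = strchr(p, '&');     /* skip to the next key=value pair */
        if (p != NULL)
            p++;
    }
    return NULL;
}

/* Copy the raw (still URL-encoded) value of `name` into a fresh heap buffer.
 * Returns NULL if the parameter is missing, longer than max_len, or if
 * allocation fails. The caller frees the result. */
char *get_param_bounded(const char *qs, const char *name, size_t max_len)
{
    const char *val;
    size_t len;
    char *out;

    if (qs == NULL || name == NULL)
        return NULL;
    val = find_param(qs, name);
    if (val == NULL)
        return NULL;
    len = strcspn(val, "&");    /* value ends at '&' or end of string */
    if (len > max_len)
        return NULL;            /* reject overlong input outright */
    out = malloc(len + 1);      /* size comes from the measured length */
    if (out == NULL)
        return NULL;
    memcpy(out, val, len);
    out[len] = '\0';
    return out;
}
```

A NULL return for an overlong value lets the CGI answer with an error page instead of copying attacker-sized input into a buffer whose size was chosen elsewhere.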
This archive entry has one or more follow-up message(s) listed below.
Source Message Contents
Subject: Bug in mnogosearch-3.1.19
Content-Type: TEXT/PLAIN; charset=US-ASCII
qitest1 security advisory #003
Bug in mnogosearch-3.1.19 and prior
mnoGoSearch is a full-featured SQL based web search engine,
available from http://www.mnogosearch.org.
When receiving a too long query string (q var), search.cgi
segfaults (http://127.0.0.1/cgi-bin/search.cgi?q=query). The bug
resides in a bad management of heap-allocated memory. The bug could
be abused by remote attackers to execute code with web server
Authors were contacted a month ago: they told me that the cvs
version had been fixed. Nevertheless the stable version
recommended on their web site is still bugged. At the moment you
should disable search.cgi, use the stupid patch attached to this
advisory (for 3.1.19) or alternatively install last cvs version.
---- q1-- http://qitest1.0xfee1dead.net/
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="mnogosearch-3.1.19.patch"
Content-Disposition: attachment; filename="mnogosearch-3.1.19.patch"