File: 2116.txt

package info (click to toggle)
snort 2.3.3-11
  • links: PTS
  • area: main
  • in suites: etch, etch-m68k
  • size: 22,512 kB
  • ctags: 11,344
  • sloc: ansic: 70,967; sh: 4,848; makefile: 748; perl: 478; sql: 212
file content (62 lines) | stat: -rw-r--r-- 1,309 bytes parent folder | download | duplicates (8)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
Rule:

--
Sid:
2116


--
Summary:
This event is generated when an attempt is made to access the cgi script chipcfg.cgi.

--
Impact:
Information gathering. This is an attempt to gain information about the network device and possibly other network information.

--
Detailed Information:
The IPC@CHIP is used in network devices for remote access and configuration of the device. It includes an embedded web server, ftp server and telnet daemon.

This could be an attempt to gain intelligence about the device confguration or information on the rest of the network the device is connected to.

--
Attack Scenarios:
The attacker merely needs to make an HTTP GET request for the chipcfg.cgi script.

--
Ease of Attack:
Simple HTTP GET.

--
False Positives:
None Known

--
False Negatives:
None Known

--
Corrective Action:
The script can be rmoved from the device by using the function CGI_REMOVE. Check vendor documentation for details.

--
Contributors:
Sourcefire Research Team
Nigel Houghton <nigel.houghton@sourcefire.com>

-- 
Additional References:

Bugtraq:
http://www.securityfocus.com/bid/2767

CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1341

CERT:
http://www.kb.cert.org/vuls/id/574739

CGI Security:
http://www.cgisecurity.com/archive/webservers/chip_multi_holes_and_webserver.txt

--