eSO Security Advisory: 2408 
Discovery Date: April 3, 2000 
ID: eSO:2408 
Title: CIDER SHADOW CGI arbitrary command execution 
                        vulnerabilities 
Impact: Remote attackers can execute commands with the 
                        privileges of the running web server process 
Affected Technology: CIDER SHADOW 1.5, 1.6 
Vendor Status: Vendor informed 
Discovered By: Kevin Kotas of the eSecurityOnline Research 
                        and Development Team 
CVE Reference: CAN-2002-0091 

Advisory Location: 
http://www.eSecurityOnline.com/advisories/eSO2408.asp 

Description: 
The CIDER Project's SHADOW intrusion detection utility is vulnerable to 
CGI implementation flaws that allow a remote attacker to run arbitrary 
commands on the analyzer. The problem occurs due to insufficient 
character verification of sent variables. For multiple CGI scripts, an 
attacker can send a specially crafted URL and execute commands with 
the privileges of the running server. 

Technical Recommendation: 
By design, the analyzer web interface should only be reachable through 
an internal network and with password authentication. Since the 
possibility remains that an attacker can reach the analyzer, disable 
network access to the web interface and only view the web pages 
locally. 

Copyright 2002 eSecurityOnline LLC. All rights reserved. 

THE INFORMATION IN THIS VULNERABILITY ALERT IS PROVIDED BY 
ESECURITYONLINE LLC "AS IS", "WHERE IS", WITH NO WARRANTY OF ANY KIND, 
AND ESECURITYONLINE LLC HEREBY DISCLAIMS THE IMPLIED WARRANTIES OF 
NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
PURPOSE. ESECURITYONLINE LLC SHALL HAVE NO LIABILITY FOR ANY DAMAGE, 
CLAIM OR LOSS RESULTING FROM YOUR USE OF THE INFORMATION CONTAINED IN 
THIS VULNERABILITY ALERT.