A remote format string vulnerability exists in pwc.cgi, a script designed to permit administrators to change user passwords remotely via a browser. Because the script fails to properly validate user-supplied input that is passed as an argument to a call to syslog(), a remote attacker can supply malicious input to the script which contains hostile shellcode. Properly exploited, the supplied code will execute with the privilege level of the webserver process.
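The class of bug described above comes from handing request data to syslog() as the format string. The following C sketch is an added example, not pwc.cgi's code (the advisory does not reproduce it): the function names and message text are hypothetical, and it shows the vulnerable call pattern in a comment next to a call site that keeps user data strictly as an argument.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Hypothetical logging step for a password-change CGI. This is not
 * pwc.cgi's source, which the advisory does not reproduce.
 *
 * Vulnerable pattern (user data is the format string):
 *     syslog(LOG_NOTICE, user);
 * Fixed pattern (user data is only ever an argument):
 *     syslog(LOG_NOTICE, "%s", user);
 */

/* Copy a request field into out, replacing control bytes so a value cannot
 * forge extra log lines. Returns the number of '%' characters seen, which
 * a caller can use as a detection signal. */
int sanitize_field(const char *in, char *out, size_t n)
{
    int percents = 0;
    size_t i = 0;
    if (n == 0)
        return 0;
    for (; *in != '\0' && i + 1 < n; in++) {
        unsigned char c = (unsigned char)*in;
        if (c == '%')
            percents++;
        out[i++] = isprint(c) ? (char)c : '?';
    }
    out[i] = '\0';
    return percents;
}

/* Build the message with a constant format; returns the '%' count. */
int build_log_line(char *out, size_t n, const char *user)
{
    char clean[128];
    int percents = sanitize_field(user, clean, sizeof clean);
    snprintf(out, n, "password change requested for user '%s'%s", clean,
             percents ? " [format directives in input]" : "");
    return percents;
}

/* Hardened call site: the line is passed as data behind a literal "%s". */
void log_change(const char *user)
{
    char line[256];
    build_log_line(line, sizeof line, user);
    syslog(LOG_NOTICE, "%s", line);
}
```

Compiling with `-Wformat -Wformat-security` makes GCC and Clang flag the vulnerable pattern, where a non-literal string is passed as the format with no further arguments.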