VULHUB ™

There are a number of vulnerabilities in the Zeus Web Server, that if carried out in combination can lead to a remote root compromise. The Zeus Web Server gives its users the option to use a pre-built search CGI program for their virtual website. The program accepts (as its http form variables) server filesystem paths as its arguments. Because of this, it is possible to display any file that the server has access to. Thus, by altering parameters to "search", an attacker can obtain the password hash for the admin user by displaying the configuration file. Once a password for the admin user is cracked, it is possible to execute aribtrary commands through the web based configuration UI as root (which the configuration UI runs as).

There are a number of vulnerabilities in the Zeus Web Server, that if carried out in combination can lead to a remote root compromise. The Zeus Web Server gives its users the option to use a pre-built search CGI program for their virtual website. The program accepts (as its http form variables) server filesystem paths as its arguments. Because of this, it is possible to display any file that the server has access to. Thus, by altering parameters to "search", an attacker can obtain the password hash for the admin user by displaying the configuration file. Once a password for the admin user is cracked, it is possible to execute aribtrary commands through the web based configuration UI as root (which the configuration UI runs as).