{"vuid":"VU#185251","idnumber":"185251","name":"cgiemail web-based email system does not adequately validate user input thereby causing buffer overflow in cgisco.c","keywords":["cgiemail","web-based email","user input","buffer overflow","cgisco.c"],"overview":"There exists a buffer overflow vulnerability in cgiemail that allows execution of arbitrary code.","clean_desc":"cgiemail is a CGI program maintained that composes data submitted on Web forms into email messages. The cgicso.c component of the web-based email system cgiemail contains a buffer overflow vulnerability.","impact":"HTTP clients may execute arbitrary code on the web server, with the privileges of the web server process.","resolution":"The CERT/CC is currently unaware of a practical solution to this problem.","workarounds":"Remove cgiemail from web servers that serve untrusted clients.","sysaffected":"","thanks":"Thanks to Security Tracker for reporting this vulnerability.","author":"This document was written by Shawn Van Ittersum.","public":["http://securitytracker.com/alerts/2001/Sep/1002395.html","http://web.mit.edu/wwwdev/cgiemail/"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-12-20T17:11:26Z","publicdate":"2002-01-16T00:00:00Z","datefirstpublished":"2002-01-16T23:39:32Z","dateupdated":"2002-01-16T23:39:36Z","revision":10,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"5","cam_impact":"10","cam_easeofexploitation":"17","cam_attackeraccessrequired":"20","cam_scorecurrent":"7.96875","cam_scorecurrentwidelyknown":"9.5625","cam_scorecurrentwidelyknownexploited":"15.9375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":7.96875,"vulnote":null}