• Status: Solved

How to correct sgdynamo.exe vulnerability

My client is trying to get PCI compliant, but is failing on the error below:

Synopsis : The remote host has an application that is affected by an information disclosure vulnerability.
Description : The CGI 'sgdynamo.exe' can be tricked into giving the physical path to the remote web root. This information may be useful to an attacker who can use it to make better attacks against the remote server.
Solution: None at this time
Risk Factor: Medium  / CVSS Base Score : 4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Other references : OSVDB:54010

I am running the site on a Windows 2008-based virtual private server, so I can configure the server as required. The file sgdynamo.exe is NOT on the server, and CGI is turned off.
The host says the problem is in my classic ASP code, but since I never use CGI or sgdynamo.exe, I haven't a clue what to look for.

Do you know what I can do to get around this error and get PCI compliant?

Thank you.
Lev Seltzer
Lev Seltzer (Author) Commented:
This shows me that there is no solution. I already didn't know how to solve it. I was hoping to find a way to solve it!
The vendor has a fix for this XSS vulnerability.

Check here and read yourself. Info Here

Solution: The vendor has released a fix for versions 5.32T and above (5.32U, 6.1, 7.00). Customers should call their Ecometry Customer Support Rep in order to obtain the fixed code. Customers should reference Job # 181625-01 when requesting the code.
The new updated code filters the HTName variable and prevents arbitrary data execution. So your internal information is safe again :)

Basically, from the information about the exploit, you need to filter the HTName variable just like any other user-input field and make sure that certain characters do not get executed.
Lev Seltzer (Author) Commented:
I am using a new VPS. It does not have 'sgdynamo.exe' on it.
It has nothing to do with having it installed. You are not properly filtering your global or local variables and it is reporting it as a possible vulnerability. Are you using Nessus for this report? What you need to do is implement user input validation, also known as "Sanitizing". If it stores a value, filter the incoming data to make sure it works the way it is supposed to work. Like escape all '/' etcetera.

Here is something that you can reference. The article is old but the points they make are still valid, except buffer overflows in managed code. Win2008 cannot be exploited easily by a buffer overflow; it would have to be a heap vulnerability if at all, but that is highly unlikely as the system returns random offsets and those offsets are very hard to keep track of. Anyway, this article explains what types of attacks are possible and what countermeasures you can use to protect yourself against them. It had a few examples. What they talk about here is what any admin should be doing on a normal basis. http://msdn.microsoft.com/en-us/library/aa302426.aspx
Is there some coding you can provide which would prevent this vulnerability? Would updating the "sgdynamo.exe" script on the server also work... apparently there are different versions. Appreciate any help you can provide. My SecurityMetrics report failed because of this. Everything else I was able to fix.
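
The input validation suggested in the replies above, sketched for a classic ASP page as an added example that is not part of the original thread or any vendor code. It uses HTName, the parameter named in the vendor note, as the sample parameter; IsSafeName, GetValidatedParam and RejectRequest are hypothetical helper names, and the allowlist pattern is an assumption to adapt to the values the site really accepts.

```vbscript
' Added example for classic ASP (VBScript); place inside <% ... %> in an include file.
' Helper names are hypothetical and not taken from the thread.

' Allowlist check: letters, digits, underscore and hyphen only, 1 to 64 characters.
' Path characters such as \ / : . and markup characters such as < > " never pass.
Function IsSafeName(ByVal value)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9_-]{1,64}$"
    re.IgnoreCase = False
    re.Global = False
    IsSafeName = re.Test(value)
    Set re = Nothing
End Function

' Ends the request with a generic error. It does not echo the input and does not
' write Server.MapPath output or Err.Description, so no physical path is returned.
Sub RejectRequest()
    Response.Clear              ' assumes response buffering is on (the IIS default)
    Response.Status = "400 Bad Request"
    Response.Write "Invalid request."
    Response.End
End Sub

' Returns the query-string value only if it is present exactly once and passes
' the allowlist; otherwise the request ends in RejectRequest.
Function GetValidatedParam(ByVal paramName)
    Dim raw
    If Request.QueryString(paramName).Count <> 1 Then
        RejectRequest
    End If
    raw = Request.QueryString(paramName)(1)
    If Not IsSafeName(raw) Then
        RejectRequest
    End If
    GetValidatedParam = raw
End Function

' Usage in a page: validate first, then encode on output.
Dim pageName
pageName = GetValidatedParam("HTName")
Response.Write Server.HTMLEncode(pageName)
```

The same rule applies to custom 404 and 500 handlers: they should return a fixed message rather than the requested path or the mapped file location.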