How to correct sgdynamo.exe vulnerability

My client is trying to get PCI compliant, but is failing on the error below:

Synopsis : The remote host has an application that is affected by an information disclosure vulnerability.
Description : The CGI 'sgdynamo.exe' can be tricked into giving the physical path to the remote web root. This information may be useful to an attacker who can use it to make better attacks against the remote server.
Solution: None at this time
Risk Factor: Medium / CVSS Base Score : 4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Other references : OSVDB:54010

I am running the site on a Windows 2008-based virtual private server, so I can configure the server as required. The file sgdynamo.exe is NOT on the server, and CGI is turned off.
The host says the problem is in my classic ASP code, but since I never use CGI or sgdynamo.exe, I haven't a clue what to look for.

Do you know what I can do to get around this error and get PCI compliant?

Thank you.
Lev Seltzer Asked:

MuffyBunny Commented:
0
Lev Seltzer Author Commented:
This shows me that there is no solution. I already didn't know how to solve it. I was hoping to find a way to solve it!
0
Russell_Venable Commented:
The vendor has a fix for this XSS vulnerability.

Check here and read yourself. Info Here

Solution: The vendor has released a fix for versions 5.32T and above (5.32U, 6.1, 7.00). Customers should call their Ecometry Customer Support Rep in order to obtain the fixed code. Customers should reference Job # 181625-01 when requesting the code.
The new updated code filters the HTName variable and prevents arbitrary data execution. So your internal information is safe again :)
0
Russell_Venable Commented:
Basically, from the information about the exploit, you need to filter the HTName variable just like any other user-input field and make sure that certain characters do not get executed.
0
Lev Seltzer Author Commented:
I am using a new VPS. It does not have 'sgdynamo.exe' on it.
0
Russell_Venable Commented:
It has nothing to do with having it installed. You are not properly filtering your global or local variables and it is reporting it as a possible vulnerability. Are you using Nessus for this report? What you need to do is implement user input validation, also known as "Sanitizing". If it stores a value, filter the incoming data to make sure it works the way it is supposed to work. Like escape all '/' etcetera.

Here is something that you can reference. The article is old but the points they make are still valid. Except buffer overflows in managed code. Win2008 cannot be exploited easily by a buffer overflow; it would have to be a heap vulnerability if at all, but that is highly unlikely as the system returns random offsets and those offsets are very hard to keep track of. Anyways, this article explains what types of attacks are possible and what countermeasures you can use to protect yourself against them. It has a few examples. What they talk about here is what any admin should be doing on a normal basis. http://msdn.microsoft.com/en-us/library/aa302426.aspx
0
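
One way to apply the input-validation advice above in a classic ASP page, as an added example that is not code from this thread or from the vendor's fix. The parameter name HTName comes from the thread; the function name, the allow-list pattern and the /templates layout are assumptions, and a site's own pages may read a different parameter.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Allow-list check: letters, digits, underscore and hyphen only, 1-64 chars.
' Anything else (slashes, dots, quotes, angle brackets) is rejected outright
' rather than escaped, so it never reaches a file lookup or an error message.
' IsValidTemplateName is a hypothetical helper, not part of any product.
Function IsValidTemplateName(ByVal value)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9_-]{1,64}$"
    IsValidTemplateName = re.Test(value)
    Set re = Nothing
End Function

Dim htName, fso, templatePath
htName = Trim(Request.QueryString("HTName"))

If Not IsValidTemplateName(htName) Then
    ' Generic response: no echo of the input, no Server.MapPath output,
    ' no Err.Description, so nothing reveals the physical web root.
    Response.Status = "400 Bad Request"
    Response.Write "Invalid request."
    Response.End
End If

' Assumed layout: templates live in /templates under the site root.
templatePath = Server.MapPath("/templates/" & htName & ".htm")
Set fso = Server.CreateObject("Scripting.FileSystemObject")

If Not fso.FileExists(templatePath) Then
    Response.Status = "404 Not Found"
    Response.Write "Page not found."   ' never write templatePath here
    Response.End
End If

' Encode on output even though the value already passed the allow-list.
Response.Write "<h1>" & Server.HTMLEncode(htName) & "</h1>"
%>
```

The same pattern applies to any other query-string or form field a page reads: validate against an allow-list first, and keep mapped physical paths out of every response body.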
AdamL64 Commented:
Is there some coding you can provide which would prevent this vulnerability? Would updating the "sgdynamo.exe" script on the server also work... apparently there are different versions. Appreciate any help you can provide. My SecurityMetrics report failed because of this. Everything else I was able to fix.
0