Bugtraq mailing list archives
Re: SGI Security Advisory 19970501-01-A - Vulnerability in
From: Kari.Hurtta () OZONE FMI FI (Kari E. Hurtta)
Date: Wed, 7 May 1997 09:02:54 +0300
SGI Security Coordinator:
Silicon Graphics Inc. acknowledges the webdist.cgi security vulnerability reported by the CERT Coordination Center in their advisory CA-97:12.
I don't have seen that CERT report yet, but I suppose that this is f 27567 4430 outbox.sw.webdist var/www/cgi-bin/webdist.cgi on O2. I asked some month about these *.sysadm and *.webdist susbsystems in comp.os.sgi.* -groups, but nobody commented. Is anybody looked these *.sysadm subsystems closer. It looks quite suspicious: oxygen 2% showfiles outbox | grep cgi-bin f 37853 1197 outbox.sw.outbox var/www/cgi-bin/MachineInfo f 35963 2434 outbox.sw.outbox var/www/cgi-bin/handler f 59162 37700 outbox.sw.outbox var/www/cgi-bin/machine-cgi f 51763 37700 outbox.sw.outbox var/www/cgi-bin/outbox-cgi f 21944 703 outbox.sw.outbox var/www/cgi-bin/sgi-camera/snap f 27567 4430 outbox.sw.webdist var/www/cgi-bin/webdist.cgi f 18006 3040 outbox.sw.webdist var/www/cgi-bin/webdist.install.cgi f 52607 20808 outbox.sw.outbox var/www/cgi-bin/wrap oxygen 3% showfiles sysadmdesktop | grep cgi-bin f 57427 6301 sysadmdesktop.sw.sysadm var/www/cgi-bin/DtConfAllDone.cgi f 1454 14634 sysadmdesktop.sw.sysadm var/www/cgi-bin/QuitSysSetup.cgi f 32731 7591 sysadmdesktop.sw.sysadm var/www/cgi-bin/SysSetWrapper.cgi f 41666 3828 sysadmdesktop.sw.sysadm var/www/cgi-bin/checkProc.cgi f 37959 54084 sysadmdesktop.sw.sysadm var/www/cgi-bin/ghinv/ghinvMain f 51601 33604 sysadmdesktop.sw.sysadm var/www/cgi-bin/ghinv/memdetail f 35099 22207 sysadmdesktop.sw.sysadm var/www/cgi-bin/wwwActions.cgi f 7396 14511 sysadmdesktop.sw.sysadm var/www/cgi-bin/wwwDone.cgi oxygen 4% (Yes. I have disabeld access to these in /usr/ns-home/httpd-oxygen/config/obj.conf ) / Kari Hurtta
Current thread:
- Hole in the KDE desktop, (continued)
- Hole in the KDE desktop Alan Cox (May 05)
- A vulnerability in Lynx (all versions) fflush (May 05)
- Re: A vulnerability in Lynx (all versions) Theo de Raadt (May 05)
- SGI Security Advisory 19970101-02-PX - csetup Program SGI Security Coordinator (May 05)
- Re: Buffer Overflows: A Summary Thomas H. Ptacek (May 02)
- Comments on NT user list exploit webroot (May 05)
- Re: Buffer Overflows: A Summary Adam Shostack (May 05)
- Re: Buffer Overflows: A Summary Eilon Gishri (May 06)
- Administratrivia Aleph One (May 06)
- SGI Security Advisory 19970501-01-A - Vulnerability in webdist.cgi SGI Security Coordinator (May 06)
- Re: SGI Security Advisory 19970501-01-A - Vulnerability in Kari E. Hurtta (May 06)