Re: SGI Security Advisory 19970501-01-A - Vulnerability in

[Kari.Hurtta () OZONE FMI FI (Kari E. Hurtta)]

SGI Security Coordinator:
> Silicon Graphics Inc. acknowledges the webdist.cgi security vulnerability
> reported by the CERT Coordination Center in their advisory CA-97:12.


I don't have seen that CERT report yet, but I suppose that this is

f 27567  4430 outbox.sw.webdist       var/www/cgi-bin/webdist.cgi

on O2.

I asked some month about these *.sysadm and *.webdist susbsystems in
comp.os.sgi.* -groups, but nobody commented.

Is anybody looked these  *.sysadm subsystems closer.
It looks quite suspicious:

oxygen 2% showfiles outbox | grep cgi-bin
f 37853  1197 outbox.sw.outbox        var/www/cgi-bin/MachineInfo
f 35963  2434 outbox.sw.outbox        var/www/cgi-bin/handler
f 59162 37700 outbox.sw.outbox        var/www/cgi-bin/machine-cgi
f 51763 37700 outbox.sw.outbox        var/www/cgi-bin/outbox-cgi
f 21944   703 outbox.sw.outbox        var/www/cgi-bin/sgi-camera/snap
f 27567  4430 outbox.sw.webdist       var/www/cgi-bin/webdist.cgi
f 18006  3040 outbox.sw.webdist       var/www/cgi-bin/webdist.install.cgi
f 52607 20808 outbox.sw.outbox        var/www/cgi-bin/wrap
oxygen 3% showfiles sysadmdesktop | grep cgi-bin
f 57427  6301 sysadmdesktop.sw.sysadm   var/www/cgi-bin/DtConfAllDone.cgi
f  1454 14634 sysadmdesktop.sw.sysadm   var/www/cgi-bin/QuitSysSetup.cgi
f 32731  7591 sysadmdesktop.sw.sysadm   var/www/cgi-bin/SysSetWrapper.cgi
f 41666  3828 sysadmdesktop.sw.sysadm   var/www/cgi-bin/checkProc.cgi
f 37959 54084 sysadmdesktop.sw.sysadm   var/www/cgi-bin/ghinv/ghinvMain
f 51601 33604 sysadmdesktop.sw.sysadm   var/www/cgi-bin/ghinv/memdetail
f 35099 22207 sysadmdesktop.sw.sysadm   var/www/cgi-bin/wwwActions.cgi
f  7396 14511 sysadmdesktop.sw.sysadm   var/www/cgi-bin/wwwDone.cgi
oxygen 4%

(Yes. I have disabeld access to these in
 /usr/ns-home/httpd-oxygen/config/obj.conf
)

/ Kari Hurtta