Bugtraq mailing list archives
Re: textcounter.pl SECURITY HOLE
From: lafferty () POBOX COM (Rich Lafferty)
Date: Wed, 24 Jun 1998 03:35:57 -0400
Quoting Doru Petrescu (pdoru () kappa ro) from Wed, Jun 24, 1998 at 08:51:11AM +0300:
Hi, I've found a serious problem in textcounter.pl script that enable everybody to execute commands on your system with the same rights as the httpd daemon.
Bah, that's what I get for writing things at 3:30 am. Regarding my previous post: Yes, this script's vulnerability allows execution of arbitrary commands. Part about 'same rights as http daemon' still implies poor configuration of httpd. Obviously, translate that to 'with the same rights as the user running this poorly-written prefabricated script' for a properly-configured httpd.

Use cgiwrap. Don't run scripts from untrusted sources. Don't take candy from strangers. Breathe.

-Rich

--
Rich Lafferty -----------+-------------------------------------------
Department of Sociology  | "Theory means you have ideas; ideology
McGill University        |  means ideas have you" -unknown anarchist
lafferty () pobox com ------+-------------------------------------[mcq]-