SCO World Script Vulnerabilities

[ben () ALGROUP CO UK (Ben Laurie)]

I don't use SCO any more (well, I can give it up any time, honest), but
I still get their mags. So, this morning I was leafing through SCO
World, August '98 and September/October '98. Therein we find "Nuthin'
but Net", "Administering Your System via the Web" by Jim Mohr. This
suggests so many really Bad Things it is difficult to know where to
start, but here goes.

1. First, set up .rhosts on all your servers, so the webserver can log
in and do stuff.

2. Let the user specify the server name as a CGI parameter. Any name
they like.

3. Now, using perl, pass that name, unvetted, to rsh like so:
open(MSG,'rsh '.$server.' other stuff');

Wonderful. I wonder if we can find a SCO server running this stuff?

Oh, BTW, here's a particular gem I shall treasure forever: "Lowering
security to make Web access easier is less of a problem". Yeah, right!

Cheers,

Ben.

--
Ben Laurie            |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: ben () algroup co uk |
A.L. Digital Ltd,     |Apache-SSL author     http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache/