Bugtraq mailing list archives
[Cobalt] Security Advisory - cgiwrap
From: jeffb () COBALT COM (Jeff Bilicki)
Date: Tue, 9 Nov 1999 15:09:39 -0800
Cobalt Networks -- Security Advisory -- 11.09.1999 Problem: The current version of cgiwrap that runs on RaQ 2 and RaQ 3i, runs under incorrect effective permissions, which could let a malicious site-admin view or modify data in another virtual site on the same unit. Description: Thanks to Chris Adams <cmadams () hiwaay net> Chris Adams wrote:
There is a problem (actually several) with the "cgiwrap" program on Cobalt RaQ2 servers. It is supposed to run CGI programs as the proper user instead of "nobody" to make CGIs a little more secure.
[SNIP]
The bigger problem is that cgiwrap apparently interprets top level directories of the site /web directory as users. So if you have a CGI in a directory like /home/sites/site1/web/test/test.cgi and attempt to go to it at http://www.site1.com/test/test.cgi AND there is a user on the system named "test", cgiwrap thinks it should run the script as user "test". It then actually attempts to run a script in /web directory of the user "test".
[SNIP] Cobalt Networks is dedicated to providing secure platforms. Accordingly, we have just completed a fix for this bug that is available in RPM format, which can be found at the following locations: RaQ 3i (x86) RPM: ftp://ftp.cobaltnet.com/pub/experimental/secuirty/rpms/cgiwrap-pacifica-3.6.4.C5.i386.rpm SRPM: ftp://ftp.cobaltnet.com/pub/experimental/secuirty/srpms/cgiwrap-pacifica-3.6.4.C5.src.rpm RaQ 2 (MIPS) RPM: ftp://ftp.cobaltnet.com/pub/experimental/secuirty/rpms/cgiwrap-raq2-3.6.4.C5.mips.rpm SRPM: ftp://ftp.cobaltnet.com/pub/experimental/secuirty/srpms/cgiwrap-raq2-3.6.4.C5.src.rpm MD5 sum Package Name -------------------------------------------------------------------------- 701b43ba607edee44c684ac2d428e710 cgiwrap-pacifica-3.6.4.C5.i386.rpm 41b7277afefb199c01a212dc86dab05b cgiwrap-pacifica-3.6.4.C5.src.rpm 0484a11647a3700fa0b9afe431c55d19 cgiwrap-raq2-3.6.4.C5.mips.rpm 5f3b483c352d25b3b11d266811e8b933 cgiwrap-raq2-3.6.4.C5.src.rpm You can verify each rpm using the following command: rpm --checksig [package] To install, use the following command, while logged in as root: rpm -U [package] The package file format (pkg) for this fix is currently in testing, and will be available in the very near future. Jeff Bilicki Software Engineer Cobalt Networks jeffb () cobalt com
Current thread:
- MS Outlook alert : Cuartango Active Setup, (continued)
- MS Outlook alert : Cuartango Active Setup Elias Levy (Nov 08)
- BigIP - bigconf.cgi holes Guy Cohen (Jun 13)
- Re: MS Outlook alert : Cuartango Active Setup David LeBlanc (Nov 08)
- Re: MS Outlook alert : Cuartango Active Setup - Workaround Instructions Mark (Nov 08)
- Insecure handling of NetSol maintainer passwords jlewis () LEWIS ORG (Nov 08)
- flaw in dmesg under Solaris echo8 (Nov 09)
- Re: Insecure handling of NetSol maintainer passwords Jefferson Ogata (Nov 09)
- Re: Insecure handling of NetSol maintainer passwords pedward () WEBCOM COM (Nov 10)
- Re: Insecure handling of NetSol maintainer passwords Trevor Schroeder (Nov 10)
- networksolutions CRYPT-PW salt (was: Re: Insecure handling of NetSol maintainer passwords) Jefferson Ogata (Nov 10)
- [Cobalt] Security Advisory - cgiwrap Jeff Bilicki (Nov 09)
- MS Outlook alert : Cuartango Active Setup Elias Levy (Nov 08)
- Re: MS Outlook alert : Cuartango Active Setup - Workaround Instructions Andy Helsby (Nov 09)
- Re: FreeBSD 3.3's seyon vulnerability Bill Fumerola (Nov 09)
- Re: IE4/5 "file://" buffer overflow Mikael Olsson (Nov 09)
- (no subject) Ejovi Nuwere (Nov 09)
- Remote DoS Attack in QVT/Term 'Plus' 4.2d FTP Server Vulnerability Ussr Labs (Nov 09)
- Multiples Remotes DoS Attacks in Artisoft XtraMail v1.11 Vulnerability Ussr Labs (Nov 10)