Bugtraq mailing list archives
OpenLinux 2.3: rpm_query
From: hariki () EL8 ORG (harikiri)
Date: Sat, 4 Mar 2000 12:32:04 -0800
This was observed on an OpenLinux 2.3 system, after performing a full installation of all packages.

NOTE: I didn't see anything on this in the Bugtraq archive, so I'm assuming it's not a known issue.

[root@noname /root]# rpm -q -f /home/httpd/cgi-bin/rpm_query
OpenLinux-2.3-16
[root@noname /root]#

Issue

The rpm_query cgi allows any individual who can connect to the web server to obtain a listing of all rpm's installed on the system.

Impact

Attackers may use this information to identify what vulnerable software packages have been installed.

Recommendation

If this cgi is not required:

# chmod 0 /home/httpd/cgi-bin/rpm_query

If it is required, use Apache's access control features to restrict who may use it.

harikiri
--
"Unless you enter the tiger's lair, you cannot get hold of the tiger's cubs."
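The second recommendation in the post, restricting the CGI with Apache's access control, could be configured as follows. This is an added example, not part of the original post; the filesystem path is the one given in the post, and the allowed client addresses (loopback plus the 192.0.2.0/24 documentation range) are constructed placeholders to be replaced with the real administrative hosts.

```apache
# Added example: limit who may request the rpm_query CGI.
# Path is from the post; the client addresses are placeholders.

<Directory "/home/httpd/cgi-bin">
    <Files "rpm_query">
        # Apache 2.4 and later (mod_authz_core): allow listed clients only;
        # every other client is refused.
        <IfModule mod_authz_core.c>
            Require ip 127.0.0.1 ::1 192.0.2.0/24
        </IfModule>

        # Apache 1.3 / 2.0 / 2.2 (mod_access / mod_authz_host):
        # default deny, then allow the listed clients.
        <IfModule !mod_authz_core.c>
            Order deny,allow
            Deny from all
            Allow from 127.0.0.1 192.0.2.0/24
        </IfModule>
    </Files>
</Directory>
```

After reloading the server, a request for the CGI from a host outside the listed ranges should return 403 Forbidden.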