| Field | Value |
|---|---|
| VID | 21096 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The "webdist.cgi" program is installed. Several programs provided with the Outbox Environment subsystem have been found to be insecure: the cgi-bin programs webdist.cgi, handler and wrap, available for IRIX 5.x and 6.x. Each of these programs contains a vulnerability that allows a remote attacker to execute arbitrary commands on the remote machine with the privileges of the user owning the server process. This issue has been publicly disclosed and discussed in several public forums, including the BUGTRAQ mailing list, and in the security advisories CERT CA-97.12 and AUSCERT AA-97.14. To determine whether the Outbox software is installed on a particular system, run: `% /usr/sbin/versions outbox.sw` Exploitation: `http://host.com/cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd` References: http://www.securityfocus.com/bid/374 and http://www.iss.net/security_center/static/333.php |
| Recommendation | Solution A - Change program permissions. Log in as root on the vulnerable machine and type: `# /bin/chmod 400 /var/www/cgi-bin/webdist.cgi`, `# /bin/chmod 400 /var/www/cgi-bin/handler`, `# /bin/chmod 400 /var/www/cgi-bin/wrap`. Solution B - Remove the vulnerable outbox subsystem. Log in as root on the vulnerable machine and remove the outbox subsystem: `# /usr/sbin/versions -v remove outbox`. Solution C - Patch the program. Patches are available from ftp://sgigate.sgi.com/Patches for the following versions: IRIX 5.3: #2315, available from ftp://sgigate.sgi.com/Patches/5.3/patch2315.tar; IRIX 6.0.x: upgrade the system or use the temporary fix; IRIX 6.1: upgrade the system or use the temporary fix; IRIX 6.2: #2314, available from ftp://sgigate.sgi.com/Patches/6.2/patch2314.tar; IRIX 6.3: #2338, available from ftp://sgigate.sgi.com/Patches/6.3/patch2338.tar; IRIX 6.4: #2338, available from ftp://sgigate.sgi.com/Patches/6.4/patch2338.tar |
| Related URL | CVE-1999-0039 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |