[cobalt-security] SSI Vuln on cobalt

Subject: [cobalt-security] SSI Vuln on cobalt
From: Brett Wright <brett@xxxxxxxxxxxxx>
Date: Fri, 19 Apr 2002 17:13:00 +1200
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi list

SSI pages run as the web user... so if I made a page "iseethis.shtml" withthe source:


<html>
<body>
<!--#exec cmd="for i in $(locate service.pwd);do echo $i;cat $i;done" -->
 </body>
</html>

I would get a list of all the frontpage hashes on the server. This is bad.What is the best fix for this to allow CGI to excute but not cmd


HELP!!!

Regards
Brett

References:
- [cobalt-security] Thanks! -- install ipchains on RAQ3
  - From: Sean Ward

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index