[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] CGIWrap Update: Patched RaQ still has issues
- Subject: Re: [cobalt-security] CGIWrap Update: Patched RaQ still has issues
- From: Dan Keller <cobalt@xxxxxxxxxx>
- Date: Wed, 28 Aug 2002 19:00:41 -0700
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
At 06:51 PM 8/28/02 -0700, I wrote:
>At 02:58 AM 8/29/02 +0200, Mr. Stauber wrote:
>
>>Change the domain and the username below to one of your RaQs and see yourself:
>>
>>http://www.victim.org/cgiwrapDir/cgiwrapd/~someone/<html><s>TEST</s>
>>
>>Reveals UID, GID of "someone", his home directory and some other errands.
>>
>>All by itself it isn't that big of a deal, but I could imagine a few scenarios
>>where this information might aid in an exploitation.
>
>Hmm, I get nothing but 404 errors...
Whoops! I had a typo in my URL... now I do
indeed see the exploit at work. Indeed it is
a vulnerability on the RaQ2, even with the
recent CGIWrap patch installed. As Mr.
Stauber points out, it does reveal a UID and
a GID and a directory path... Perhaps not
a big deal, but I would prefer to keep secret
internal info like that secret and internal...
I hope another patch will soon be forthcoming.
Thanks, folks!
Dan Keller