Re: [cobalt-security] CGIWrap Update: Patched RaQ still has issues



At 06:51 PM 8/28/02 -0700, I wrote:
>At 02:58 AM 8/29/02 +0200, Mr. Stauber wrote:
>
>>Change the domain and the username below to one of your RaQs and see for yourself:
>>
>>http://www.victim.org/cgiwrapDir/cgiwrapd/~someone/<html><s>TEST</s>
>>
>>Reveals UID, GID of "someone", his home directory and some other errands.
>>
>>All by itself it isn't that big of a deal, but I could imagine a few scenarios 
>>where this information might aid in an exploitation.
>
>Hmm, I get nothing but 404 errors...

Whoops!  I had a typo in my URL... now I do
indeed see the exploit at work.  Indeed it is
a vulnerability on the RaQ2, even with the
recent CGIWrap patch installed.  As Mr.
Stauber points out, it does reveal a UID and
a GID and a directory path...  Perhaps not
a big deal, but I would prefer to keep secret
internal info like that secret and internal...
I hope another patch will soon be forthcoming.

Thanks, folks!

Dan Keller
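
For checking web server logs for requests like the one quoted above, here is an added example that is not part of the original thread: it flags any request whose path goes through the `cgiwrapd` segment shown in the quoted URL and records whether the trailing path carries markup. The Common Log Format lines, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Common Log Format: client ident user [time] "METHOD path PROTO" status size
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]*\] "([A-Z]+) (.*?) HTTP/[\d.]+" (\d{3})')

# Path segment taken from the URL quoted in the thread.
WRAPPER_SEGMENT = "/cgiwrapd/"

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Aug/2002:18:40:01 -0700] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.10 - - [28/Aug/2002:18:41:12 -0700] "GET /cgiwrapDir/cgiwrapd/'
    '~someone/%3Chtml%3E%3Cs%3ETEST%3C/s%3E HTTP/1.0" 200 812',
    '192.0.2.77 - - [28/Aug/2002:18:45:30 -0700] "GET /cgiwrapDir/cgiwrapd/'
    '~someone/test.cgi HTTP/1.0" 200 655',
    '192.0.2.77 - - [28/Aug/2002:18:46:02 -0700] "GET /cgiwrapDir/cgiwrap/'
    '~someone/test.cgi HTTP/1.0" 200 120',
]

def classify(line):
    """Return a finding dict for a request through the wrapper segment, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, _method, raw_path, status = m.groups()
    path = unquote(raw_path)              # decode %3C etc. before inspecting
    idx = path.find(WRAPPER_SEGMENT)
    if idx < 0:
        return None
    tail = path[idx + len(WRAPPER_SEGMENT):]
    return {
        "client": client,
        "status": int(status),
        "user": tail.split("/", 1)[0].lstrip("~"),   # account named in the URL
        "tail": tail,
        "markup": bool(re.search(r"[<>]", tail)),    # HTML in the path
    }

def scan(lines):
    """Collect findings for every matching line, in log order."""
    return [f for f in map(classify, lines) if f is not None]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```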