
Re: [cobalt-security] QuickFIX:CGIWrap Update: Patched RaQ still has issues



Hi, Zeffie.

----- Original Message -----
From: "Zeffie" <cobaltlist@xxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Friday, August 30, 2002 9:03 PM
Subject: Re: [cobalt-security] QuickFIX:CGIWrap Update: Patched RaQ still
has issues


| > there are still Cross-Site-Scripting vulnerabilities
| > with the latest patched CGI-Wrapper on the RaQs.
| > Attackers can steal session cookies,
| > can display fake information on the victim's browser.
| > Quick FIX:(My RaQ3)
| > telnet www.domain.jp 23
|
| telnet?

Of course, using SSH is very strongly recommended.
Thank you for your advice.

|
| > Cobalt Linux release 5.0 (Pacifica)
| > Kernel 2.2.16C28_III on an i586
|
| You haven't done the kernel update from Jan 7 2002
|

Zeffie, are you referring to the patch
RaQ3-ALL-Security-4.0.1-15417.pkg?

I searched for this patch here:
Sun Cobalt Support - Sun Cobalt Product Downloads (Japan)
http://jp.sunsolve.sun.com/patches/cobalt/japan/index.html

Unfortunately, this patch has not been released in Japan.
Luckily, I have now been made aware of it; thank you, Zeffie.


| <snip>
|
| Delete your files?  Is this another scare sales thing?

--

On the Japanese official download site,
<http://jp.sunsolve.sun.com/patches/cobalt/japan/index.html>
there is a CGIWrap Update 4.0.1 PKG, named
RaQ3-All-Security-4.0.1-14985.pkg,
released by SUN on 25/07/2002.

(The English version is RaQ3-All-Security-4.0.1-14997.pkg, NOT 14985.)

The Japanese PKG deletes the debugging-mode files automatically by itself.

CERT told me:
Me> Hardlink or symlink nph-cgiwrap, nph-cgiwrapd, cgiwrapd to cgiwrap
Me> in the cgi-bin directory. Then remove nph-cgiwrapd, cgiwrapd.

CERT>This sounds like a fine solution on production systems.

Me> Put access controls on remote execution of scripts via cgiwrapd.
Me> (nph-cgiwrapd, too) Or don't allow cgiwrapd to be run in the
Me> production environment.

CERT>This is another way to disable cgiwrapd, but will probably be less
CERT>reliable than just removing it from production servers.

--
I have another workaround, taught to me by Michael Stauber (thank you, Michael!).
Michael told me:

> But there is an easy way to disable that by adding the following lines to
> /etc/httpd/conf/access.conf:

<Location /cgiwrapDir/cgiwrapd>
Order deny,allow
Deny from all
Allow from your_trusted_ip_here
</Location>

<Location /cgiwrapDir/nph-cgiwrapd>
Order deny,allow
Deny from all
Allow from your_trusted_ip_here
</Location>

--

Thank you, Zeffie.
Thank you, Mstauber.

 ---------------------------
Katumi Imaizumi
k-imaiz@xxxxxxxxxxxxxxxxx
----------------------------
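
Added example, not part of the original message: a shell audit for the two workarounds discussed above (removing cgiwrapd and nph-cgiwrapd from cgi-bin, or restricting them with <Location> blocks in access.conf). The function names and the cgi-bin and config paths passed as arguments are assumptions of this example.

```sh
#!/bin/sh
# Added example. Usage: sh audit.sh CGI_BIN_DIR APACHE_CONF
# (both paths are supplied by the caller; none are assumed here).

# Succeeds if config file $1 has a <Location> block whose last path
# component is exactly $2 and which contains "Deny from all".
# It does not judge whether the "Allow from" address is trustworthy.
location_denied() {
    awk -v name="$2" '
        tolower($1) == "<location" {
            path = $2; sub(/>$/, "", path)
            n = split(path, part, "/")
            inblk = (part[n] == name)   # exact match: cgiwrapd != nph-cgiwrapd
            next
        }
        tolower($1) == "</location>" { inblk = 0; next }
        inblk && tolower($0) ~ /^[ \t]*deny[ \t]+from[ \t]+all[ \t]*$/ { ok = 1 }
        END { exit !ok }
    ' "$1"
}

# Report each debugging wrapper as removed, restricted or EXPOSED.
# A hard link or symlink (even a dangling one) still counts as present,
# because the name is still there in cgi-bin.
# Returns non-zero if any wrapper is present without a deny rule.
audit_cgiwrapd() {
    dir=$1; conf=$2; rc=0
    for name in cgiwrapd nph-cgiwrapd; do
        if [ ! -e "$dir/$name" ] && [ ! -L "$dir/$name" ]; then
            echo "$name: removed"
        elif location_denied "$conf" "$name"; then
            echo "$name: present, restricted by <Location>"
        else
            echo "$name: EXPOSED"
            rc=1
        fi
    done
    return $rc
}

if [ $# -eq 2 ]; then
    audit_cgiwrapd "$1" "$2"
fi
```

A non-zero exit status means at least one debugging wrapper is still present and not covered by a deny rule.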