Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Date: Tue, 4 Aug 1998 07:41:24 -0700
From: Tom <dod@muenster.net>
To: BUGTRAQ@netspace.org
Subject: remote exploit in faxsurvey cgi-script

Hi!

There exist a bug in the 'faxsurvey' CGI-Script, which allows an
attacker to execute any command s/he wants with the
permissions of the HTTP-Server.

All the attacker has to do is type
"http://joepc.linux.elsewhere.org/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd"
in his favorite Web-Browser to get a copy of your Password-File.

All S.u.S.E. 5.1 and 5.2 Linux Dist. (and I think also older ones) with
the HylaFAX package installed are vulnerable to this attack.

AFAIK the problem exists in the call of 'eval'.

I notified the S.u.S.E. team (suse.de) about that problem.
Burchard Steinbild <bs@suse.de> told me, that they have not enough time
to fix that bug for their 5.3 Dist., so they decided to just remove the
script from the file list.

I advise you to *immediately* remove/chown the cgi-script;
script-kiddies will
just rewrite their 'phfscan'...

Bye,
        Tom

PS: Look at my homepage for more informations about my packetfilter
analyser.

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

ПОДПИШИСЬ НА ЖУРНАЛ Linux Format 2012! Журнал "Linux Format" (Линукс Формат)- Единственный в России и странах СНГ журнал на русском языке, посвящённый Linux и свободному ПО. Журнал для IT-директоров, IT-менеджеров, программистов, системных администраторов, учителей школ и преподавателей ВУЗов и всех пользователей ПК. В каждом выпуске: Новости индустрии OpenSource, обзоры новинок свободного ПО, обучающие и методические статьи. Каждый, кто оформит подписку, получает бонусы и подарки- объёмные наклейки на системный блок, диск с архивом номеров за 2005-2011 г.г. и ежемесячно электронную версию журнала в pdf-формате. Оформить подписку на год