Bugtraq mailing list archives

Re: BigIP - bigconf.cgi holes

From: r.gilde () F5 COM (Rob Gilde)
Date: Tue, 9 Nov 1999 11:30:55 -0800


Guy Cohen wrote:
| The html interface basicly operates one program, bigconf.cgi, witch is
| installed suid root. I have not spend much time learning how to exploit this
| program, but from the bits I did, I was able to look at _any_ file
| on the system simply by giving it's name to the cgi program (with appropriate
| parameters of course).
|
| The risk here is not from the outside, as the http server is protected
| by a password, but from internal users. Less risk, but still ...

Guy is discussing an issue that affects older versions of BIG/ip.
As he points out, the risk is from internal users.  In older versions
of BIG/ip, there is effectively only one user and that user has root
privileges.  That user could execute commands as root through a shell
escape in our web-based user interface.

As of Version 2.1, this is no longer possible.  The current version
of BIG/ip is 2.1.2.  The software update is available for free over
the net to all customers with support contracts.

In Version 2.1, in response to customer feedback, we removed the shell
escape capability and also changed to multiple user levels in the
web-based user interface.

BIG/ip is a default-deny device, both for administrative traffic to it,
and for traffic passing through it.  The product uses SSH for command
line access and SSL for web access.  We welcome any feedback on how we
can make the product more secure.

Thanks!

Rob Gilde
Product Development Manager
voice: 206-505-0857
email: rob () f5 com

F5 Networks, Inc.
200 First Avenue West, Suite 500
Seattle, WA 98119
http://www.f5.com
1-888-88BIGIP

<!-- body="end" -->
<HR>

<UL>
<LI><STRONG>Next message:</STRONG> Crispin Cowan: "ImmuniX OS Security Alert: StackGuard 1.21 Released"
<LI><STRONG>Previous message:</STRONG> Elias Levy: "Re: Interscan VirusWall NT 3.23/3.3 buffer overflow."
<LI><STRONG>Maybe in reply to:</STRONG> dark spyrit: "Interscan VirusWall NT 3.23/3.3 buffer overflow."
<LI><STRONG>Next in thread:</STRONG> Guy Cohen: "Re: BigIP - bigconf.cgi holes"
<LI><STRONG>Reply:</STRONG> Guy Cohen: "Re: BigIP - bigconf.cgi holes"
</UL>
<HR>

<SMALL>

This archive was generated by hypermail 2.0b3 
on Tue Nov 09 1999 - 14:16:13 CST</EM>
</EM>
</SMALL>
</BODY>
</HTML>

Current thread:

Re: BigIP - bigconf.cgi holes Rob Gilde (Nov 09)
- Re: BigIP - bigconf.cgi holes Guy Cohen (Nov 10)
- <Possible follow-ups>
- Re: BigIP - bigconf.cgi holes Rob Gilde (Nov 10)