Bugtraq mailing list archives
Re: Security flaw in Cobalt RaQ2 cgiwrap
From: cmadams () HIWAAY NET (Chris Adams)
Date: Tue, 9 Nov 1999 15:27:07 -0600
Once upon a time, Nathan Neulinger <nneul () UMR EDU> said:
> Just wanted to point out - this is specific to the modifications that Cobalt has made to cgiwrap for their server's structure. It is not an issue with the regular version of cgiwrap.
That is correct. I'm sorry if I wasn't clear about that. It also appears to be a problem only on the RaQ2, not the original RaQ.
I don't completely understand all of their changes, but they have added a bunch of code to how cgiwrap detects what user to run stuff as. (And got rid of cgiwrapd, one of the more useful debugging tools.)
cgiwrapd is still there, it just isn't directly obvious how to use it. If you normally call your script as http://www.site1.com/test.cgi you can call it as http://www.site1.com/cgiwrapDir/cgiwrapd/test.cgi to run it under cgiwrapd. Basically they ScriptAlias "cgiwrapDir" to the directory where cgiwrap is installed.

Cobalt has an updated package available on their FTP site (I haven't received anything official about it, but I found it, installed it, and tested it). It appears to fix all of the bugs I found, and changes the behavior some. Instead of running scripts in the site's /web directory as user "nobody" and the site's group, it runs them as the owner of the script, _if_ that user is a member of the site's admin group. I like that better than running all site CGIs as "nobody".

-- 
Chris Adams <cmadams () hiwaay net>
Systems and Network Administrator - HiWAAY Information Services
I don't speak for anybody but myself - that's enough trouble.
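The user-selection rule described in the message above (run a site CGI as the script's owner only if that owner is a member of the site's admin group), written out as an added Python example. This is not Cobalt's or cgiwrap's own code (cgiwrap itself is C); it only shows the decision and the edge cases a wrapper has to get right. Assumptions not stated in the message: the site's admin group is looked up by name, a script that passes the check runs with the site's gid as its group, a script that fails the check falls back to "nobody" with the site's group (the old behaviour the message describes), and a root-owned script is refused outright. The sample users and groups are constructed.

```python
"""Added example: the owner-must-be-a-site-admin rule for running site CGIs.

Not Cobalt's or cgiwrap's source. Assumptions: pass -> (owner uid, site gid);
fail -> ("nobody" uid, site gid); root-owned scripts are refused (an added
safety check the original message does not mention).
"""
import grp
import os
import pwd
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class UserInfo:
    name: str
    uid: int
    gid: int                    # primary group


@dataclass(frozen=True)
class GroupInfo:
    name: str
    gid: int
    members: Tuple[str, ...]    # supplementary members, as in gr_mem


def is_member(user: UserInfo, group: GroupInfo) -> bool:
    """Membership via the primary gid or via gr_mem. A check that only reads
    gr_mem misses users whose primary group *is* the site group."""
    return user.gid == group.gid or user.name in group.members


def choose_identity(owner: UserInfo, site_group: GroupInfo,
                    fallback: UserInfo) -> Tuple[int, int]:
    """Return the (uid, gid) a site CGI should run as.

    owner      -- user that owns the script file (never the requesting client)
    site_group -- the site's admin group
    fallback   -- unprivileged account used when the owner is not a member
    """
    if owner.uid == 0:
        # Assumption (added check): never execute a root-owned CGI, whatever
        # groups root happens to belong to.
        raise PermissionError("refusing to run a root-owned script")
    if is_member(owner, site_group):
        return (owner.uid, site_group.gid)
    # Owner is not an admin of this site: keep the old "nobody" + site-group
    # behaviour instead of silently running as a user outside the site.
    return (fallback.uid, site_group.gid)


def identity_for_script(path: str, site_group_name: str,
                        fallback_name: str = "nobody") -> Tuple[int, int]:
    """Apply the rule to a real file using the system passwd/group databases.
    Only the file's ownership is consulted, nothing from the request."""
    st = os.stat(path)
    pw = pwd.getpwuid(st.st_uid)
    gr = grp.getgrnam(site_group_name)
    fb = pwd.getpwnam(fallback_name)
    owner = UserInfo(pw.pw_name, pw.pw_uid, pw.pw_gid)
    group = GroupInfo(gr.gr_name, gr.gr_gid, tuple(gr.gr_mem))
    return choose_identity(owner, group, UserInfo(fb.pw_name, fb.pw_uid, fb.pw_gid))


if __name__ == "__main__":
    # Constructed sample data standing in for /etc/passwd and /etc/group.
    site1 = GroupInfo("site1", 1001, ("alice",))
    nobody = UserInfo("nobody", 65534, 65534)
    for who in (UserInfo("alice", 1002, 1002),   # listed in gr_mem
                UserInfo("carol", 1003, 1001),   # primary group is site1
                UserInfo("bob", 1004, 1004)):    # not an admin of site1
        print(who.name, "->", choose_identity(who, site1, nobody))
```

`identity_for_script` needs the named group and the fallback account to exist on the host; the decision itself is in `choose_identity` so it can be exercised on constructed data. The point of keeping the fallback rather than running as the owner unconditionally is that a file dropped into a site's /web directory by some other account must not become a way to execute code as that account.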