Bugtraq mailing list archives

Re: Problem with FrontPage on Cobalt RaQ2/RaQ3

From: sitz () ONASTICK NET (Noah)
Date: Tue, 23 May 2000 13:54:44 -0400


On Tue, 23 May 2000, Chris Adams wrote:

You can bypass cgiwrap because the Apache config files have the line
"AllowOverride All".  All you have to do is create an .htaccess file
with these lines in it:

Options +ExecCGI
AddHandler cgi-script .cgi


Ah, but you see, here's the kicker. Unless the FPE for Unix have changed
drastically since last I frobbed with them, they *require* "AllowOverride
All" in order to work correctly.

Which is not to say there may not be another fix for this particular
issue. You can use "order deny,allow" and "{deny,allow} from" directives
to limit access from trusted IPs, for starters. Which doesn't eliminate
the issue, but certainly contains it somewhat. This makes the assumption
that such a fix will function correctly in your environment, of course.

--noah

"information warfare is a growth industry"
                            - David Loundy

Current thread:

Problem with FrontPage on Cobalt RaQ2/RaQ3 Chris Adams (May 23)
- Alert: Buffer overflow in Rockliffe's MailSite Cerberus Security Team (May 17)
- Alert: Carello File Creation flaw Cerberus Security Team (May 17)
- Re: Problem with FrontPage on Cobalt RaQ2/RaQ3 Noah (May 23)
  - Re: Problem with FrontPage on Cobalt RaQ2/RaQ3 Chris Adams (May 23)