Vulnerability Development mailing list archives
Re: Administrivia #5218
From: lamont () ICOPYRIGHT COM (Granquist, Lamont)
Date: Mon, 24 Jan 2000 11:59:26 -0800
If someone can access your analysis machine and run these scripts with their own parameters, then you've got a huge problem above and beyond any vulnerabilities in these scripts.

On Sat, 22 Jan 2000, kjkotas wrote:
> Yes, a few of the CGI scripts of the Shadow distribution are weak and easily exploitable. This is not much of a challenge, but true the exploits have not been published. In one of the Perl CGI scripts, the author even writes the following:
>
> #
> # Unfortunately, we can't generalize rules for specifying valid tcpdump
> # filters, since a lot of special characters are acceptable. Fortunately,we
> # call the script directly, i.e. no shell and enclose the tcpdump filter
> # in quotes.
> #
>
> It pretty much says ';exploit me;'. The weak scripts that I found all do not have sufficient checking of command parameters similar to the above. In particular, I have found the following scripts vulnerable:
>
> pat_match_form.cgi (Version 1.5, 1.6)
> mday-search.cgi (Version 1.6)
> scan_search.cgi (Version 1.5)
> nmap.cgi (Version 1.6)
>
> kjk
>
> On Fri, 21 Jan 2000, Blue Boar wrote:
> > I'm told there are unpublished exploits for this package:
> > http://www.nswc.navy.mil/ISSEC/CID/
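
Added example, not part of the original thread and not code from the Shadow distribution: the script comment quoted above relies on calling tcpdump with "no shell", which in Perl holds only for the list form of system/exec/open, since a single command string containing quotes is handed to /bin/sh. The sketch below pairs that list form with an allowlist check on the filter parameter; the tcpdump path, the capture file name, the helper names and the allowed character set are assumptions, and the demo loop prints the argument vector for constructed inputs instead of running tcpdump.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed locations for this sketch; run with "perl -T" so that Perl itself
# refuses to exec with values that skipped clean_filter().
my $TCPDUMP = '/usr/sbin/tcpdump';
$ENV{PATH} = '/usr/sbin:/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical helper: return the untainted filter, or nothing if rejected.
sub clean_filter {
    my ($raw) = @_;
    return unless defined $raw && length($raw) <= 256;
    # Allowlist of characters pcap filter expressions need (an assumption;
    # widen it deliberately if local filters use more). No quotes, ';', '$'
    # or backticks. The capture group is what untaints the value under -T.
    my ($filter) = $raw =~ m{\A([A-Za-z0-9 .:/()\[\]&|!=<>+*-]+)\z} or return;
    # A leading '-' would be read by tcpdump as an option, not a filter.
    return if $filter =~ /\A *-/;
    return $filter;
}

# Build the argument vector: one list element per argument; '--' ends
# option parsing so the filter can only be the expression.
sub tcpdump_argv {
    my ($capture, $filter) = @_;
    return ($TCPDUMP, '-n', '-r', $capture, '--', $filter);
}

# List-form pipe open: Perl execs tcpdump directly and never starts /bin/sh,
# so the filter is a single argv entry however it is spelled.
sub run_tcpdump {
    my @argv = @_;
    open(my $out, '-|', @argv) or die "cannot run $argv[0]: $!\n";
    my @lines = <$out>;
    close $out;
    return @lines;
}

# Constructed sample inputs standing in for the CGI form parameter.
for my $raw ('tcp and port 80', 'tcp[13] & 2 != 0', '-r other.cap',
             'port 80 ;exploit me;') {
    my $filter = clean_filter($raw);
    if (defined $filter) {
        print "accept: ", join(' | ', tcpdump_argv('/tmp/sample.cap', $filter)), "\n";
    } else {
        print "reject: $raw\n";
    }
}
```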