SuSE Apache CGI Source Code Viewing Vulnerability
BID:1658
Info
SuSE Apache CGI Source Code Viewing Vulnerability
| Bugtraq ID: | 1658 |
| Class: | Configuration Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Sep 07 2000 12:00AM |
| Updated: | Sep 07 2000 12:00AM |
| Credit: | This vulnerability was revealed in an @stake Advisory (A090700-2) on September 7, 2000. |
| Vulnerable: |
SuSE Linux 6.4 SuSE Linux 6.3 |
| Not Vulnerable: | |
Discussion
SuSE Apache CGI Source Code Viewing Vulnerability
SuSE Linux versions 6.3 and 6.4 (previous versions may also be vulnerable) installs Apache web server (version 1.3.12 in version 6.4 of SuSE)
Apache configuration file /etc/httpd/httpd.conf contains an entry (Alias /cgi-bin-sdb/ /usr/local/httpd/cgi-bin/). Therefore, files in /cgi-bin/ can be accessed via URLs of the format http://target/cgi-bin-sdb as well. Because the path does not contain the string /cgi-bin/, improper permissions will be assigned, and the file will be sent to the client as opposed to being executed on the server.
This renders it possible to view the source code of CGI scripts stored in /cgi-bin/.
SuSE Linux versions 6.3 and 6.4 (previous versions may also be vulnerable) installs Apache web server (version 1.3.12 in version 6.4 of SuSE)
Apache configuration file /etc/httpd/httpd.conf contains an entry (Alias /cgi-bin-sdb/ /usr/local/httpd/cgi-bin/). Therefore, files in /cgi-bin/ can be accessed via URLs of the format http://target/cgi-bin-sdb as well. Because the path does not contain the string /cgi-bin/, improper permissions will be assigned, and the file will be sent to the client as opposed to being executed on the server.
This renders it possible to view the source code of CGI scripts stored in /cgi-bin/.
Exploit / POC
SuSE Apache CGI Source Code Viewing Vulnerability
Currently the SecurityFocus staff are not aware of any publicly available exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any publicly available exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
SuSE Apache CGI Source Code Viewing Vulnerability
Solution:
The offending entry in /etc/httpd/httpd.conf may be commented out with a '#':
#Alias /cgi-bin-sdb/ /usr/local/httpd/cgi-bin/
Alternatively, the line may be changed to:
ScriptAlias /cgi-bin-sdb/ /usr/local/httpd/cgi-bin/
Having made this change, stop and restart the server. By doing this CGI scripts may now be executed, but not read.
Solution:
The offending entry in /etc/httpd/httpd.conf may be commented out with a '#':
#Alias /cgi-bin-sdb/ /usr/local/httpd/cgi-bin/
Alternatively, the line may be changed to:
ScriptAlias /cgi-bin-sdb/ /usr/local/httpd/cgi-bin/
Having made this change, stop and restart the server. By doing this CGI scripts may now be executed, but not read.