SCO Unixware "/search97cgi/vtopic" Vulnerability
BID:1663
Info
| Bugtraq ID: | 1663 |
| Class: | Origin Validation Error |
| CVE: | CVE-2000-0842 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Sep 11 2000 12:00AM |
| Updated: | Jul 11 2009 02:56AM |
| Credit: | This vulnerability was posted to the Bugtraq mailing list by Olle Segerdahl <[email protected]> on Mon, 11 Sep 2000. |
| Vulnerable: | SCO Unixware 7.0 |
| Not Vulnerable: | |
Discussion
Certain versions of SCO Unixware ship with a web-enabled help system that is installed by default. This system, httpd-scohelphttp, ships with a faulty CGI program that allows remote users to view any file readable by the account under which the web server runs (typically 'nobody').
Specifically, the problem is in the following CGI:
/usr/ns-home/httpd-scohelphttp/search97cgi/vtopic
This CGI takes a parameter called ViewTemplate that points to an HTML template used to render search results:
http://unixware7box:457/search97cgi/vtopic?action=view&ViewTemplate=
However, the CGI places no restrictions on the relative path, so a user may supply their own and move outside the web root directory by traversing the directory structure with ../ sequences.
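As an added example (not part of the original advisory and not SCO or SecurityFocus code), the following Python script scans web server access logs for requests to the vtopic CGI whose ViewTemplate value contains a ../ segment, including percent-encoded forms. The Common Log Format layout, the sample log lines and the template name docview.hts are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

CGI_PATH = "/search97cgi/vtopic"   # CGI named in the advisory
PARAM = "viewtemplate"             # advisory's parameter, matched case-insensitively
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so %252e%252e is seen as '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(template):
    """True if the decoded value contains a '..' path segment."""
    return ".." in fully_decode(template).split("/")

def suspicious_requests(log_lines):
    """Return (line_number, decoded ViewTemplate) for each flagged request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if fully_decode(url.path).lower() != CGI_PATH:
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() == PARAM and is_traversal(value):
                hits.append((number, fully_decode(value)))
    return hits

# Constructed sample lines in Common Log Format (not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Sep/2000:10:00:01 +0000] "GET /search97cgi/vtopic?action=view&ViewTemplate=docview.hts HTTP/1.0" 200 5120',
    '192.0.2.77 - - [11/Sep/2000:10:02:13 +0000] "GET /search97cgi/vtopic?action=view&ViewTemplate=../../../../tmp/placeholder.txt HTTP/1.0" 200 311',
    '192.0.2.77 - - [11/Sep/2000:10:02:40 +0000] "GET /search97cgi/vtopic?action=view&ViewTemplate=%2e%2e%2f%2e%2e%2ftmp%2fplaceholder.txt HTTP/1.0" 200 311',
    '192.0.2.10 - - [11/Sep/2000:10:05:09 +0000] "GET /index.html?ViewTemplate=../x HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: ViewTemplate={value!r}")
```

Requests to other paths are ignored even if they carry the same parameter name, so the fourth sample line is not reported.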
Exploit / POC
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].