Multiple Vendor BSD Global Port Package CGI Vulnerability
Info
| Bugtraq ID: | 1854 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 26 2000 12:00AM |
| Updated: | Oct 26 2000 12:00AM |
| Credit: | This vulnerability was first discovered by Shigio Yamaguchi, and publicly announced by NetBSD Security on October 26, 2000. |
| Vulnerable: | Shigio Yamaguchi Global 3.55 |
| Not Vulnerable: | FreeBSD FreeBSD 4.2; FreeBSD FreeBSD 3.5 |
Discussion
Global is a source code tag system included in the NetBSD ports package. A vulnerability in versions 3.55 and prior allows a remote attacker to execute commands.
The problem occurs in the handling of quoted and escaped characters by the Common Gateway Interface script. An administrator can use the "htags -f" function to generate a CGI script that will provide the interface between the web server and the system. However, through the CGI, it is possible for a malicious user to pass a specially formatted string to the interface, resulting in the execution of a shell command.
Exploit / POC
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
It is recommended that all users of this package upgrade to at least version 4.0.1. If that is not possible, the following modification to the file HTML/cgi-bin/global.cgi is recommended:
Around line 35:
From: $pattern =~ s/'//g;
To: $pattern =~ s/"//g;
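The quoting mismatch behind the one-line change above, as an added Python model that is not code from Global or from the advisory. It assumes (the page does not show this) that global.cgi places the pattern inside double quotes in a single shell command string; `global -x`, the helper names and the sample input are constructed for illustration.

```python
import shlex
import subprocess
import sys

# Assumption (not shown on the page): the generated CGI interpolates the
# pattern into one shell command string, wrapped in double quotes.
# "global -x" is a stand-in for whatever command the real script runs.
def build_command(pattern):
    return 'global -x "%s"' % pattern

def strip_single(pattern):      # models the "From:" line, s/'//g
    return pattern.replace("'", "")

def strip_double(pattern):      # models the "To:" line, s/"//g
    return pattern.replace('"', "")

def shell_words(command):
    """Split as a POSIX shell would, keeping ; | & as separate operators.
    shlex models quoting and operators only, not shell expansions."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)

def stays_one_argument(sanitiser, pattern):
    """True if the sanitised pattern reaches the program as one argument."""
    cleaned = sanitiser(pattern)
    try:
        words = shell_words(build_command(cleaned))
    except ValueError:           # unbalanced quote: the quoting was broken
        return False
    return words == ["global", "-x", cleaned]

def argc_without_shell(pattern):
    """Hardened form: an argument vector, so no shell parses the pattern."""
    probe = "import sys; print(len(sys.argv) - 1)"  # stand-in program
    out = subprocess.run([sys.executable, "-c", probe, pattern],
                         capture_output=True, text=True, check=True)
    return int(out.stdout)

# Constructed input: closes the double quote, then a harmless second command.
SAMPLE = 'main"; echo MARKER; "'

if __name__ == "__main__":
    print("s/'//g keeps one argument:", stays_one_argument(strip_single, SAMPLE))
    print('s/"//g keeps one argument:', stays_one_argument(strip_double, SAMPLE))
    print("argv form, arguments seen:", argc_without_shell(SAMPLE))
```

Under that assumption, stripping the quote character that actually delimits the argument keeps this input in one shell word, while passing an argument vector avoids shell parsing of the pattern altogether.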
Shigio Yamaguchi Global 3.55
- NetBSD Global
  Precompiled binaries are available here.
  ftp://ftp.netbsd.org/pub/NetBSD/packages/pkgsrc/devel/global/README.html
- Shigio Yamaguchi Global-4.0.1
  Source code.
  http://www.tamacom.com/global/global-4.0.1.tar.gz