Steven Grimm Un-CGI Non-executable CGI Arbitrary Execution

2001-07-17T00:00:00
ID OSVDB:8964
Type osvdb
Reporter Khamba Staring(purrcat@edoropolis.org)
Modified 2001-07-17T00:00:00

Description

Vulnerability Description

Steven Grimm's Un-CGI contains a flaw that may allow a malicious user to execute arbitrary files regardless of whether the executable bit is set on the specified file. The issue is triggered when a file beginning with "#!" is specified as a URL parameter: Un-CGI hands such a file to its interpreter without requiring execute permission. The flaw may allow arbitrary CGI code execution, resulting in a loss of integrity.

Solution Description

Upgrade to version 1.10 or higher and build with the EXECUTABLES_ONLY compile-time option, which has been reported to fix this vulnerability by restricting execution to files that actually carry an executable bit. An upgrade is required, as there are no known workarounds.
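The following is an added illustration of the check that EXECUTABLES_ONLY stands for; it is not Un-CGI's own code, and the function names (looks_like_script, exec_bit_set, make_script) and the constructed file path are assumptions. It contrasts a weak "starts with #!" test, which accepts a file that was never marked executable, with a stat()-based check that only accepts a regular file carrying at least one execute bit, whatever its contents.

```c
/* Added example (not Un-CGI's own code): a weak "looks like a script" test
 * beside the executable-bit check that EXECUTABLES_ONLY stands for. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak test: treats any readable file beginning with "#!" as runnable.
 * A file that was never chmod'ed +x still passes this check. */
int looks_like_script(const char *path)
{
    char magic[2] = {0, 0};
    int fd = open(path, O_RDONLY);
    if (fd < 0) return 0;
    ssize_t n = read(fd, magic, 2);
    close(fd);
    return n == 2 && magic[0] == '#' && magic[1] == '!';
}

/* Hardened test: only a regular file with at least one execute bit set is
 * accepted, regardless of its contents. Any stat() failure is a refusal. */
int exec_bit_set(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0) return 0;
    if (!S_ISREG(st.st_mode)) return 0;
    return (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0;
}

/* Write a constructed "#!/bin/sh" script with the given mode; returns 0 on success.
 * chmod() is applied explicitly so the caller's umask cannot alter the mode. */
int make_script(const char *path, mode_t mode)
{
    static const char body[] = "#!/bin/sh\necho demo\n";
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, mode);
    if (fd < 0) return -1;
    ssize_t n = write(fd, body, sizeof body - 1);
    close(fd);
    if (n != (ssize_t)(sizeof body - 1)) return -1;
    return chmod(path, mode);
}

/* Demo: the same file is judged by both checks before and after chmod +x. */
int main(void)
{
    const char *p = "/tmp/uncgi_demo_script.sh";  /* constructed path, assumption */
    if (make_script(p, 0644) != 0) return 1;
    printf("mode 0644: looks_like_script=%d exec_bit_set=%d\n",
           looks_like_script(p), exec_bit_set(p));
    if (chmod(p, 0755) != 0) return 1;
    printf("mode 0755: looks_like_script=%d exec_bit_set=%d\n",
           looks_like_script(p), exec_bit_set(p));
    unlink(p);
    return 0;
}
```

The point of the design is that the decision is taken from the file's permission bits rather than from its first bytes, so a file that an attacker could only write, not mark executable, is never passed to an interpreter.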

References:

Vendor URL: http://www.midwinter.com/~koreth/uncgi.html
Security Tracker: 1002035
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-07/0287.html
ISS X-Force ID: 6847
CVE: CVE-2001-1241
Bugtraq ID: 3057