Vulnerability
scohelphttp
Affected
UnixWare 7
Description
The following is based on Defcom Labs Advisory def-2000-01. The
search function "/search97cgi/vtopic" used by the UnixWare 7
"scohelphttp" webserver (tcp port 457) contains a bug that lets
anyone with access to scohelphttp view any world-readable file on
the host.
The view function of the /search97cgi/vtopic CGI has a parameter
called ViewTemplate that specifies an HTML template file for
search results:
http://unixware7box:457/search97cgi/vtopic?action=view&ViewTemplate=
The contents of this variable are not checked for "/../" paths,
so anyone can view any file readable by the webserver
process. The webserver runs as user "nobody" by default, which limits
the accessible files to those that are "world readable"
(/etc/passwd, but not /etc/shadow).
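An added example, not part of the original advisory: a log check that flags vtopic requests whose ViewTemplate value climbs out of the template directory, including percent-encoded forms. The Common Log Format layout, the template name "docview.hts" and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a Common Log Format entry (log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+)[^"]*"')
CGI_PATH = "/search97cgi/vtopic"

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so %252e%252e is seen as '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_template(value):
    """True if a ViewTemplate value leaves the template directory."""
    path = fully_decode(value).replace("\\", "/")
    # Assumption: legitimate templates are relative names, so an absolute
    # path is flagged as well as any ".." path segment.
    return path.startswith("/") or ".." in path.split("/")

def scan(lines):
    """Return (line_number, decoded ViewTemplate) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if fully_decode(url.path) != CGI_PATH:
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("ViewTemplate", []):
            if suspicious_template(value):
                hits.append((number, fully_decode(value)))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Jul/2000:10:00:00 +0000] "GET /search97cgi/vtopic?action=view&ViewTemplate=docview.hts HTTP/1.0" 200 512',
    '192.0.2.77 - - [18/Jul/2000:10:00:05 +0000] "GET /search97cgi/vtopic?action=view&ViewTemplate=../../../../etc/passwd HTTP/1.0" 200 901',
    '192.0.2.77 - - [18/Jul/2000:10:00:09 +0000] "GET /search97cgi/vtopic?action=view&ViewTemplate=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.0" 200 901',
    '192.0.2.10 - - [18/Jul/2000:10:01:00 +0000] "GET /index.html HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for number, template in scan(SAMPLE_LOG):
        print(f"line {number}: ViewTemplate escapes template dir: {template}")
```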
Solution
As a workaround, run the following commands (as root) to stop and
disable the scohelphttp webserver:
/usr/ns-home/httpd-scohelphttp/stop
/usr/ns-home/httpd-scohelphttp/disable
Await a fix from SCO. This issue was brought to SCO's attention on
the 18th of July and was assigned the ID SCO-375377.