[14176] in bugtraq
OpenLinux 2.3: rpm_query
daemon@ATHENA.MIT.EDU (harikiri)
Tue Mar  7 03:03:55 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.LNX.4.21.0003041204220.6797-100000@juggernaut.el8.org>
Date:         Sat, 4 Mar 2000 12:32:04 -0800
Reply-To: harikiri <hariki@EL8.ORG>
From: harikiri <hariki@EL8.ORG>
X-To:         bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
This was observed on an OpenLinux 2.3 system, after performing a full
installation of all packages.
NOTE: I didn't see anything on this in the Bugtraq archive, so I'm
assuming it's not a known issue.
[root@noname /root]# rpm -q -f /home/httpd/cgi-bin/rpm_query
OpenLinux-2.3-16
[root@noname /root]#
Issue
The rpm_query CGI allows any individual who can connect to the web server
to obtain a listing of all RPMs installed on the system.
Impact
Attackers may use this information to identify what vulnerable software
packages have been installed.
Recommendation
If this cgi is not required:
	# chmod 0 /home/httpd/cgi-bin/rpm_query
If it is required, use Apache's access control features to restrict who
may use it.
harikiri
--
"Unless you enter the tiger's lair, you cannot get hold of the tiger's cubs."