|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Message-ID: <01BFEB58.4890C5C0.schleich@cgocable.net> Date: Tue, 11 Jul 2000 16:51:38 -0400 Reply-To: Jake Schleich <schleich@CGOCABLE.NET> From: Jake Schleich <schleich@CGOCABLE.NET> To: BUGTRAQ@SECURITYFOCUS.COM Just a note on the new bug in the hostsvc cgi. I found that by just downloading the new 1.4h2 and running the bbconfig and filling in the variables, it overwrote the offending file without me having to reinstall the entire thing; a pain when it comes to reconfiguring. It asks which files it will overwrite in the cgi-bin, you just say no to the custom ones(if you have replaced a few of the default bb cgi's with /ext released versions as I have) and replace the offending file(s). So in short, the bbconfig script will fix the problem without a rebuild. The hole appears to be patched on my server now (I already had the 1.4h release; I cant say this will work if you are using an older version). This may be a short way for bb users to fix the problem rather than a full install; it doesnt appear it is required, and no other changes appear to be in the release to benefit from a fresh install. Jake Schleich Unix Administrator - Internet Systems Department Cogeco@home - CGOcable.net (905) 333-7085 (schleich@cgocable.net) <cut> The problem exists in the code where $HOSTSVC does not do authenticity checking for its assigned variable. ---- snip ---- # get the color of the status from the status file set `$CAT "$BBLOGS/$HOSTSVC" | $HEAD -1` >/dev/null 2>&1 BKG="$1" ---- snap ---- e.g. http://www.bb4.com/cgi-bin/bb-hostsvc.sh?HOSTSVC=/../../../../../../../. ./etc/passwd BB4 Technologies has already been notified and a patch is already out. It can be Downloaded from http://www.bb4.com/download.html </cut>
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |