[20493] in bugtraq
PerlCal (CGI) show files vulnerability
daemon@ATHENA.MIT.EDU (Stan)
Fri Apr 27 20:56:31 2001
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Message-ID: <5.1.0.14.0.20010427144302.00ade130@nuffsaid.axenet.org>
Date: Fri, 27 Apr 2001 14:50:23 +0200
Reply-To: Stan <stan@WHIZKUNDE.ORG>
From: Stan <stan@WHIZKUNDE.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
[whizkunde security advisory: PerlCal (CGI)]
http://www.whizkunde.org | stan@whizkunde.org
----------------------------------------------------------
Release date: April 27th 2001
Subject: PerlCal (CGI) security problem
Systems affected: *NIX (not windows) systems running
PerlCal CGI script
Vendor: http://www.perlcal.com
----------------------------------------------------------
1. problem
cal_make.pl of the PerlCal script may allow remote users
(website visitors) to view any file on a webserver (depending
on the user the webserver is running on).
Regard this URL:
http://www.VULNERABLE.com/cgi-bin/cal_make.pl?
p0=../../../../../../../../../../../../etc/passwd%00
This will display the /etc/passwd (if the webserver user has
access to this file).
2. fix
I warned the PerlCal vendor three weeks ago. After a
reaction, I gave him some time and tips to release a fix.
Because the vendor still hasn't fixed the problem and because
he didn't notice me why he hasn't released a patch yet, I
released this advisory.
I really hope the vendor will release a patch in the very
near future.
In the meantime it might be a good idea to just chmod 000
your PerlCal scripts.
----------------------------------------------------------
Stan a.k.a. ThePike
stan@whizkunde.org
http://www.whizkunde.org
Copyright whizkunde security team 2001
