[8510] in bugtraq
SCO World Script Vulnerabilities
daemon@ATHENA.MIT.EDU (Ben Laurie)
Thu Nov 12 13:24:58 1998
Date: Wed, 11 Nov 1998 18:16:04 +0000
Reply-To: Ben Laurie <ben@ALGROUP.CO.UK>
From: Ben Laurie <ben@ALGROUP.CO.UK>
X-To: mikeb@scoworld.com, jimmo@scoworld.com
To: BUGTRAQ@NETSPACE.ORG
I don't use SCO any more (well, I can give it up any time, honest), but
I still get their mags. So, this morning I was leafing through SCO
World, August '98 and September/October '98. Therein we find "Nuthin'
but Net", "Administering Your System via the Web" by Jim Mohr. This
suggests so many really Bad Things it is difficult to know where to
start, but here goes.
1. First, set up .rhosts on all your servers, so the webserver can log
in and do stuff.
2. Let the user specify the server name as a CGI parameter. Any name
they like.
3. Now, using perl, pass that name, unvetted, to rsh like so:
open(MSG,'rsh '.$server.' other stuff');
Wonderful. I wonder if we can find a SCO server running this stuff?
Oh, BTW, here's a particular gem I shall treasure forever: "Lowering
security to make Web access easier is less of a problem". Yeah, right!
Cheers,
Ben.
--
Ben Laurie |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant |Fax: +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd, |Apache-SSL author http://www.apache-ssl.org/
London, England. |"Apache: TDG" http://www.ora.com/catalog/apache/
