mhonarc-users

Re: Fwd: SECURITY ALERT: serious bug in glimpseHTTP 2.0

1997-07-06 12:29:21
Someone tried today to exploit the bug here.  So I also urge others to
check their access_logs if they use glimpseHTTP for their mhonarc archives.

Achim

Stephane Bortzmeyer wrote:
On Thursday 3 July 97, at 9 h 33, the keyboard of bortzmeyer(_at_)pasteur(_dot_)fr wrote:

[Udi: The rest of the message details the exploit, which I removed
from this broadcast message.

Since three actual attacks have already been made at Pasteur, I suggest 
you check your Web servers with something like:

grep 'aglimpse.*IFS' /usr/local/etc/httpd/logs/access_log


And here's the original alert I received:

From: bortzmeyer(_at_)pasteur(_dot_)fr
To: glimpse(_at_)cs(_dot_)arizona(_dot_)edu
Cc: bortzmeyer(_at_)pasteur(_dot_)fr, udi(_at_)cs(_dot_)arizona(_dot_)edu
Subject: Fwd: SECURITY ALERT: serious bug in glimpseHTTP 2.0
Date: Thu, 03 Jul 97 09:33:53 +0200
Errors-to: glimpse-errors(_at_)cs(_dot_)arizona(_dot_)edu

This bug has been tested by me and works (glimpseHTTP 2.0). 

A simple fix, which seems to work, is to change the offending line to:
(around line 72 in aglimpse)

open(CONF,"/$indexdir/archive.cfg") || &err_conf;
           ^
           Here

A better long term fix would be to run every Perl CGI with taintperl 
(option -T) and to use 'use strict'. I highly recommend it.

-----Forwarded message from Razvan Dragomirescu <drazvan(_at_)kappa(_dot_)ro>-----

Date:         Wed, 2 Jul 1997 19:32:09 +0300
Reply-To: Razvan Dragomirescu <drazvan(_at_)kappa(_dot_)ro>
Sender: Bugtraq List <BUGTRAQ(_at_)NETSPACE(_dot_)ORG>
From: Razvan Dragomirescu <drazvan(_at_)kappa(_dot_)ro>
Subject:      Vulnerability in Glimpse HTTP
To: BUGTRAQ(_at_)NETSPACE(_dot_)ORG

Hi,

I'm back with another vulnerability, this time in a small utility: Glimpse
HTTP which is an interface to the Glimpse search tool. It is written in
PERL.

First my congratulations to the authors. They've done a really great job
in securing the program (really, I mean it). The hole I exploited is a
small one but it can allow you to execute any command on the remote
system (as the owner of the http server).

[Udi: The rest of the message details the exploit, which I removed
from this broadcast message.
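
The access_log check suggested in the thread, as an added example that is not part of the original messages: it applies the same `aglimpse.*IFS` pattern to each request line after percent-decoding, so an encoded request line is also reported. The log lines, addresses and the `/cgi-bin/aglimpse` path are constructed samples with redacted payloads, and Common Log Format is assumed.

```python
import re
from urllib.parse import unquote

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+')
# Same pattern as the grep in the message, applied to the decoded request.
SUSPECT = re.compile(r"aglimpse.*IFS")

# Constructed sample lines (documentation addresses, payloads redacted).
SAMPLE_LOG = """\
192.0.2.10 - - [06/Jul/1997:10:14:55 +0200] "GET /cgi-bin/aglimpse/archive?query=mhonarc HTTP/1.0" 200 2048
198.51.100.7 - - [06/Jul/1997:10:15:02 +0200] "GET /cgi-bin/aglimpse/REDACTED-IFS-REDACTED HTTP/1.0" 200 512
198.51.100.7 - - [06/Jul/1997:10:15:09 +0200] "GET /cgi-bin/aglimpse/REDACTED-%49FS-REDACTED HTTP/1.0" 200 512
192.0.2.10 - - [06/Jul/1997:10:16:30 +0200] "GET /docs/IFS-notes.html HTTP/1.0" 404 170
"""


def decode_fully(text, max_rounds=3):
    """Percent-decode repeatedly so single and double encoding both resolve."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def find_probes(lines):
    """Return one record per log line whose decoded request matches SUSPECT."""
    hits = []
    for number, line in enumerate(lines, 1):
        m = CLF.match(line)
        # Lines that are not valid CLF are still checked as a whole.
        request = m.group(3) if m else line
        if SUSPECT.search(decode_fully(request)):
            hits.append({
                "line": number,
                "host": m.group(1) if m else None,
                "time": m.group(2) if m else None,
                "status": m.group(4) if m else None,
            })
    return hits


if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG.splitlines()):
        print(hit["line"], hit["host"], hit["time"], hit["status"])
```

On a real server, pass the open access_log file object to `find_probes` in place of the sample lines.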




