Huge security holes in Microsoft FP98 server extensions for Apache
Marc Slemko (marcs ZNEP.COM)
Sat, 11 Oct 1997 12:56:54 -0600
[Copies sent to bugtraq, inet-access, freebsd-security, the Apache development mailing list, and the comp.infosystems.www.servers.unix and microsoft.public.frontpage.extensions.unix newsgroups.]

Microsoft's FrontPage 98 server side extensions for Apache under Unix include a small setuid root program (fpexe) to allow the FrontPage CGIs to be run as the user who owns the pages as opposed to them all running as the user the web server runs as. This is necessary to get around gaping loopholes that occur when all FrontPage documents are owned by the user the web server runs as.

There are, however, gaping holes in this fpexe program that make it easily exploitable to eventually gain root. This is only in the FrontPage 98 extensions and is only in the Apache version; it is completely unrelated to any Apache code and only occurs in the Apache version simply because that is the only version where this functionality is provided.

Details are at http://www.worldgate.com/~marcs/fp/