OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Stan (stanWHIZKUNDE.ORG)
Date: Fri Apr 27 2001 - 07:50:23 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    [whizkunde security advisory: PerlCal (CGI)]
    http://www.whizkunde.org | stanwhizkunde.org

    ----------------------------------------------------------
    Release date: April 27th 2001

    Subject: PerlCal (CGI) security problem

    Systems affected: *NIX (not windows) systems running
    PerlCal CGI script

    Vendor: http://www.perlcal.com
    ----------------------------------------------------------

    1. problem
    cal_make.pl of the PerlCal script may allow remote users
    (website visitors) to view any file on a webserver (depending
    on the user the webserver is running on).

    Regard this URL:

    http://www.VULNERABLE.com/cgi-bin/cal_make.pl?
    p0=../../../../../../../../../../../../etc/passwd%00
    This will display the /etc/passwd (if the webserver user has
    access to this file).

    2. fix
    I warned the PerlCal vendor three weeks ago. After a
    reaction, I gave him some time and tips to release a fix.
    Because the vendor still hasn't fixed the problem and because
    he didn't notice me why he hasn't released a patch yet, I
    released this advisory.
    I really hope the vendor will release a patch in the very
    near future.
    In the meantime it might be a good idea to just chmod 000
    your PerlCal scripts.

    ----------------------------------------------------------
    Stan a.k.a. ThePike
    stanwhizkunde.org
    http://www.whizkunde.org

    Copyright whizkunde security team 2001