TUCoPS :: SCO :: shh.htm

SCO Unixware 7 scohelphttp bad path checking



    UnixWare 7


    Following ia  based on  a Defcom  Labs Advisory  def-2000-01.  The
    search  function  "/search97cgi/vtopic"  used  by  the  UnixWare 7
    "scohelphttp" webserver (tcp  port 457) contains  a bug that  lets
    anyone with access to scohelphttp view any world-readable file  on
    the host.

    The view function  of the searcg97cgi/vtopic  cgi has a  parameter
    called  ViewTemplate  that  specifies  an  HTML  template file for
    search results:


    The contents  of this  variable is  not checked  for "/../" paths,
    thus enabling anyone  to view any  file readable to  the webserver
    process.  The webserver runs as user "nobody" by default, limiting
    the  accesible   files  to   files  that   are  "world   readable"
    (/etc/passwd not /etc/shadow).


    For workaround, run the following commands (as root):


    To stop  and disable  the scohelphttp  webserver.   Await fix from
    SCO.  This  issue was brought  to SCO's attention  on the 18th  of
    July and was assigned the ID SCO-375377.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH