Vulnerability: The Free On-line Dictionary of Computing

Affected: The Free On-line Dictionary of Computing

Description:

The following is based on Cgisecurity.com advisory #4. Just so all the script kids know, it does allow partial command execution. The only limit to this is commands with arguments (EX: limited to single commands like ls,ps).

The problem lies in a file called template.cgi. This file has a variable named $file which does not validate its input. Below is an example of what you would enter to show the script's own source code:

http://hostname/foldoc/template.cgi?template.cgi

(Note: Paths may vary, but this seems to be a popular one.)

This does allow command execution as well as remote file viewing. The command execution is limited to single commands without switches (Ex: ps,ls,rm). This would LIMIT an attacker from executing a series of commands to bind a shell to a port. Command execution is allowed under the permissions of the webserver, which is normally user nobody.

Solution:

The vendor has been contacted on this issue and it is being fixed. As a temporary workaround, find template.cgi and make sure the executable bit is removed for the world (chmod 750).
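The root cause described above is a CGI that passes a user-supplied file name straight to the filesystem. The following Perl script is an added example, not FOLDOC's own template.cgi, showing the check a maintainer would put in front of $file: the name is accepted only if it matches a strict pattern, it is then joined onto a fixed template directory, and the file is opened with the three-argument form of open so the name can never be interpreted as a mode or a pipe. The template directory, the `.html` suffix rule and the use of the raw query string as the template name are assumptions for the example.

```perl
#!/usr/bin/perl -T
# Added example (not FOLDOC's template.cgi): validate the template name
# before it touches the filesystem. Runs under taint mode (-T) so that any
# untainted use of request data is caught by perl itself.
use strict;
use warnings;
use File::Spec;

# Assumed location of the templates; FOLDOC's real layout is not on the page.
my $TEMPLATE_DIR = '/var/www/foldoc/templates';

# Return the validated (and thereby untainted) name, or undef if rejected.
# Only a bare file name of safe characters ending in .html is allowed, so
# "template.cgi", "../x", and anything containing '|', ';', '/' or spaces
# is refused before any I/O happens.
sub validate_template_name {
    my ($name) = @_;
    return undef unless defined $name;
    return undef unless $name =~ /\A([A-Za-z0-9_-]{1,64}\.html)\z/;
    return $1;    # capture group yields an untainted copy
}

# Resolve the validated name inside the template directory and return the
# file body, or undef if the name is rejected or the file cannot be read.
sub load_template {
    my ($name, $dir) = @_;
    $dir //= $TEMPLATE_DIR;
    my $safe = validate_template_name($name);
    return undef unless defined $safe;
    my $path = File::Spec->catfile($dir, $safe);
    # Three-argument open with an explicit read mode: $path is data, never
    # a shell command or an open-mode prefix.
    open(my $fh, '<', $path) or return undef;
    local $/;             # slurp the whole file
    my $body = <$fh>;
    close $fh;
    return $body;
}

# When run as a CGI, serve the template named by the query string (assumed
# to be how the original passes $file); otherwise show the validator on a
# few constructed inputs.
if (!caller) {
    if (defined $ENV{QUERY_STRING} && length $ENV{QUERY_STRING}) {
        my $body = load_template($ENV{QUERY_STRING});
        if (defined $body) {
            print "Content-Type: text/html\r\n\r\n", $body;
        } else {
            print "Status: 400 Bad Request\r\nContent-Type: text/plain\r\n\r\n",
                  "Invalid template name\n";
        }
    } else {
        for my $input ('index.html', 'template.cgi', '../index.html',
                       'help.html|', 'help;html', 'sub/dir.html') {
            my $v = validate_template_name($input);
            printf "%-16s -> %s\n", $input,
                   defined $v ? "accepted ($v)" : 'rejected';
        }
    }
}
```

The allowlist regex is deliberately narrow: rather than trying to strip the characters that happened to matter in this advisory, it names the only shape a template reference may take, which is what closes both the file-viewing and the command-execution paths at once. The interim chmod 750 from the Solution section still applies until a fix like this is deployed, since it removes the script from the reach of the webserver user entirely.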