Un-CGI could allow the execution of un-executable CGI scripts

uncgi-unexecutable-cgi (6847) The risk level is classified as Medium Risk

Description:

Un-CGI could allow a remote attacker to execute malicious un-executable CGI scripts on the system. The Un-CGI program fails to properly check whether scripts have executable bits turned on. This allows the CGI script's file name to be passed as an argument to the program listed behind '#!' in the first line of the script.


Consequences:

Gain Access

Remedy:

Upgrade to the latest version of Un-CGI, or at least to version 1.10, where this issue is addressed.

At compile-time, set the EXECUTABLES_ONLY option to disable Un-CGI's ability to execute shell scripts that begin with #! but don't have the execute permission set in the file system.

As a workaround, apply the patch included in the BugTraq Mailing List posting dated Tue Jul 17 2001 12:48:12. See References.
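
The kind of check the description says is missing, as an added example (not Un-CGI's source and not the BugTraq patch): confirm a script has an execute bit set before handing it to the program named after '#!'. The function names script_may_run and demo_check are hypothetical, the sample file is constructed, and the example goes slightly beyond the advisory by also refusing symlinks and non-regular files.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Return 1 only if path is a regular file with at least one execute bit set.
 * A wrapper that dispatches to scripts should refuse everything else instead
 * of reading the "#!" line and passing the file to that interpreter. */
int script_may_run(const char *path)
{
    struct stat st;
    int ok = 0;
    /* O_NOFOLLOW: do not follow a symlink in the final path component. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return 0;
    /* fstat() on the descriptor inspects the file that was actually opened. */
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
        (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
        ok = 1;
    close(fd);
    return ok;
}

/* Constructed sample: a temp file beginning with "#!", given mode `mode`. */
int demo_check(mode_t mode)
{
    char path[] = "/tmp/uncgi_demo_XXXXXX";
    const char body[] = "#!/bin/sh\necho constructed sample\n";
    int fd = mkstemp(path);
    int result;
    if (fd < 0)
        return -1;
    if (write(fd, body, sizeof body - 1) < 0 || fchmod(fd, mode) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    close(fd);
    result = script_may_run(path);
    unlink(path);
    return result;
}

int main(void)
{
    printf("mode 0644 -> %d\n", demo_check(0644)); /* refused */
    printf("mode 0755 -> %d\n", demo_check(0755)); /* allowed */
    return 0;
}
```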

References:

  • BugTraq Mailing List, Tue Jul 17 2001 - 05:48:12 CDT: multiple vulnerabilities in un-cgi.
  • Un-CGI Web site: Un-CGI version 1.10.
  • BID-3057: Steve Grimm Un-CGI Script Access Validation Vulnerability
  • CVE-2001-1241: Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with #! and the desired program name.
  • OSVDB ID: 8964: Steven Grimm Un-CGI Non-executable CGI Arbitrary Execution

Platforms Affected:

  • Steven Grimm Un-CGI

Reported:

Jul 17, 2001

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@us.ibm.com
