At 06:51 PM 8/28/02 -0700, I wrote: >At 02:58 AM 8/29/02 +0200, Mr. Stauber wrote: > >>Change the domain and the username below to one of your RaQs and see yourself: >> >>http://www.victim.org/cgiwrapDir/cgiwrapd/~someone/<html><s>TEST</s> >> >>Reveals UID, GID of "someone", his home directory and some other errands. >> >>All by itself it isn't that big of a deal, but I could imagine a few scenarios >>where this information might aid in an exploitation. > >Hmm, I get nothing but 404 errors...
Whoops! I had a typo in my URL... now I do indeed see the exploit at work. Indeed it is a vulnerability on the RaQ2, even with the recent CGIWrap patch installed. As Mr. Stauber points out, it does reveal a UID and a GID and a directory path... Perhaps not a big deal, but I would prefer to keep secret internal info like that secret and internal... I hope another patch will soon be forthcoming. Thanks, folks! Dan Keller _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
