Hi,Zeffie.
----- Original Message ----- From: "Zeffie" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, August 30, 2002 9:03 PM Subject: Re: [cobalt-security] QuickFIX:CGIWrap Update: Patched RaQ still has issues | > there are still Cross-Site-Scripting vulnerabilities | > with latest patched CGI-Wrapper on the RaQs. | > Atackers can steal session cookies, | > can display fake information on victim browser. | > Quick FIX:(My RaQ3) | > telnet www.domain.jp 23 | | telnet? Of course, to use SSH is recommended very strongly. Thank you for your advice. | | > Cobalt Linux release 5.0 (Pacifica) | > Kernel 2.2.16C28_III on an i586 | | You haven't done the kernel update from Jan 7 2002 | Zeffie,do you made reference about the Patche, RaQ3-ALL-Security-4.0.1-15417.pkg? I have searched this patche here, Sun Cobalt Support - Sun Cobalt Product Downloads(Japan) http://jp.sunsolve.sun.com/patches/cobalt/japan/index.html This patche is not released in japan, to an unhappy thing. Luckily, it has noticed,thank you Zeffie. | <snip> | | Delete your files? Is this a another scare sales thing? -- In Japanese official download site, <http://jp.sunsolve.sun.com/patches/cobalt/japan/index.html> there is a CGIWrap Update 4.0.1 PKG,named RaQ3-All-Security-4.0.1-14985.pkg released by SUN at 25/07/2002. (English version is RaQ3-All-Security-4.0.1-14997.pkg,NOT14985.) Japanese PKG deletes debugging-mode files automatically | by itself. CERT said me, Me> Hardlink or symlink nph-cgiwrap, nph-cgiwrapd, cgiwrapd to cgiwrap Me> in the cgi-bin directory. Then remove nph-cgiwrapd, cgiwrapd. CERT>This sounds like a fine solution on production systems. Me> Put access controls on remote execution of scripts via cgiwrapd. Me> (nph-cgiwrapd, too) Or don't allow cgiwrapd to be run in the Me> production environment. CERT>This is another way to disable cgiwrapd, but will probably be less CERT>reliable than just removing it from production servers. -- I have another workaround taught from Michael Stauber.(thank you Michael!). Michael said me, >But there is an easy way to disable that by adding the following lines to /etc/httpd/conf/access.conf: <Location /cgiwrapDir/cgiwrapd> Order deny,allow Deny from all Allow from your_trusted_ip_here </Location> <Location /cgiwrapDir/nph-cgiwrapd> Order deny,allow Deny from all Allow from your_trusted_ip_here </Location> -- Thank you, Zeffie. Thank you, Mstauber. --------------------------- Katumi Imaizumi [EMAIL PROTECTED] ---------------------------- _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
