Uh oh,
I'm not entirely positive, but I believe that the version of webgui currently installed falls in that range. Thanks Rick!

On a positive note, I ran chkrootkit today and nothing was detected. Small victories I'll take.

Neil Little, WA4AZL
JARS Forever!! ...er TRILUG Too!!

On 5/16/06, Neil L. Little <[EMAIL PROTECTED]> wrote:

There were no PHP scripts running.
The HTTP server was running WebGUI, a content management application
based on Perl.

Perl apps are quite susceptible to security exposures, not only the
usual things like SQL injection, but also Perl-specific feature
exploitations.

One dangerous feature of Perl is the way that filenames are overloaded
in the open() function to do IPC; in Perl, open("ls |") will actually
run an ls command and return a pipe handle so that you can read the
output of the command.

If a Perl CGI takes something from the user, and interprets it as a
file name without first scrubbing it, a malicious user can execute
arbitrary code with the permissions of the CGI process.  This was the
basis of a pretty nasty exposure in awstats which typically got
exploited by using a URL which used wget to download a zombie program
and then execute it.

A google of "webgui security" turns up a vulnerability which was
discovered a few months ago:
http://www.securityfocus.com/bid/16612

This seems to affect webgui 6.3.0-6.8.5
--
Rick DeNatale
IPMS/USA Region 12 Coordinator
http://ipmsr12.denhaven2.com/
Visit the Project Mercury Wiki Site
http://www.mercuryspacecraft.com/

--
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
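
The open() behaviour Rick describes above, shown next to a hardened form, as an added example that is not part of the original thread. A harmless echo stands in for the command; the file name, the allowlist pattern and the sub names are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Constructed fixture: a scratch directory holding one legitimate file.
my $dir = tempdir(CLEANUP => 1);
chdir $dir or die "chdir: $!";
open(my $out, '>', 'report.txt') or die "create: $!";
print {$out} "legit file contents\n";
close $out;

# Unsafe: two-argument open() takes the mode from the string itself, so a
# trailing "|" makes Perl run the text as a command and read its output.
sub read_unsafe {
    my ($name) = @_;
    open(my $fh, $name) or return "open failed: $!\n";
    my $line = <$fh>;
    close $fh;
    return defined $line ? $line : "(no data)\n";
}

# Safer: allowlist the name first, then use three-argument open() with an
# explicit '<' mode, so the string can only ever be treated as a path.
sub read_safe {
    my ($name) = @_;
    return "rejected\n" unless $name =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/;
    open(my $fh, '<', $name) or return "open failed: $!\n";
    my $line = <$fh>;
    close $fh;
    return defined $line ? $line : "(no data)\n";
}

# Constructed inputs standing in for a user-supplied CGI parameter.
for my $input ('report.txt', 'echo INJECTED |') {
    printf "%-18s unsafe: %s", "[$input]", read_unsafe($input);
    printf "%-18s safe:   %s", "[$input]", read_safe($input);
}
```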