Re: SGI Security Advisory 19970501-01-A - Vulnerability in webdist.cgi

Kari E. Hurtta (Kari.Hurtta@OZONE.FMI.FI)
Wed, 07 May 1997 09:02:54 +0300

SGI Security Coordinator:
> Silicon Graphics Inc. acknowledges the webdist.cgi security vulnerability
> reported by the CERT Coordination Center in their advisory CA-97:12.

I don't have seen that CERT report yet, but I suppose that this is

f 27567 4430 outbox.sw.webdist var/www/cgi-bin/webdist.cgi

on O2.

I asked some month about these *.sysadm and *.webdist susbsystems in
comp.os.sgi.* -groups, but nobody commented.

Is anybody looked these *.sysadm subsystems closer.
It looks quite suspicious:

oxygen 2% showfiles outbox | grep cgi-bin
f 37853 1197 outbox.sw.outbox var/www/cgi-bin/MachineInfo
f 35963 2434 outbox.sw.outbox var/www/cgi-bin/handler
f 59162 37700 outbox.sw.outbox var/www/cgi-bin/machine-cgi
f 51763 37700 outbox.sw.outbox var/www/cgi-bin/outbox-cgi
f 21944 703 outbox.sw.outbox var/www/cgi-bin/sgi-camera/snap
f 27567 4430 outbox.sw.webdist var/www/cgi-bin/webdist.cgi
f 18006 3040 outbox.sw.webdist var/www/cgi-bin/webdist.install.cgi
f 52607 20808 outbox.sw.outbox var/www/cgi-bin/wrap
oxygen 3% showfiles sysadmdesktop | grep cgi-bin
f 57427 6301 sysadmdesktop.sw.sysadm var/www/cgi-bin/DtConfAllDone.cgi
f 1454 14634 sysadmdesktop.sw.sysadm var/www/cgi-bin/QuitSysSetup.cgi
f 32731 7591 sysadmdesktop.sw.sysadm var/www/cgi-bin/SysSetWrapper.cgi
f 41666 3828 sysadmdesktop.sw.sysadm var/www/cgi-bin/checkProc.cgi
f 37959 54084 sysadmdesktop.sw.sysadm var/www/cgi-bin/ghinv/ghinvMain
f 51601 33604 sysadmdesktop.sw.sysadm var/www/cgi-bin/ghinv/memdetail
f 35099 22207 sysadmdesktop.sw.sysadm var/www/cgi-bin/wwwActions.cgi
f 7396 14511 sysadmdesktop.sw.sysadm var/www/cgi-bin/wwwDone.cgi
oxygen 4%

(Yes. I have disabeld access to these in
/usr/ns-home/httpd-oxygen/config/obj.conf
)

/ Kari Hurtta