OSVDB ID: 247

Title: IRIX wrap CGI Traversal Arbitrary Directory Listing

Dates

Disclosure: Apr 02, 1997
Discovery: Unknown
Exploit: Apr 02, 1997
Solution: Unknown

Description

IRIX contains a flaw that allows a remote attacker to view files outside of the web path. The issue is due to the wrap script not properly sanitizing user input, specifically directory traversal sequences (../../).

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Silicon Graphics, Inc. has released patches to address this issue. Additionally, it is possible to correct the flaw by implementing the following workaround: either change the permissions of the wrap script or remove the outbox subsystem.

    # /bin/chmod 400 /var/www/cgi-bin/wrap

or

    # /usr/sbin/versions -v remove outbox

Products

Silicon Graphics, Inc.

IRIX

5.3
6.0.x
6.1
6.2
6.3
6.4

Credit

  • J.A. Gutierrez - spdGTC1.CPS.UNIZAR.ES -


Direct URL: http://osvdb.org/247