• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Steve Grimm Un-CGI Script Access Validation Vulnerability

Un-CGI is a free CGI Wrapper application. Its function is to parse URL encoded input and translate it for use by CGI applications. It may be used as a library or as a stand-alone executable.

A problem exists with the Un-CGI executable. When Un-CGI executes scripts, it does so without checking to see if the executable bit is set for the program in question.

In conjunction with the ability to write files on the server, this vulnerability may be used to gain access to the host.