IRIX cgi-bin handler Vulnerability
Solution: A suitable patch was posted to Bugtraq:
*** handler.orig Wed Jul 23 20:49:26 1997 --- handler Wed Jul 23 20:55:25 1997 *************** *** 26,31 **** --- 26,32 ---- $pathRoot = $_[$#_] ; $doc = $ROOT.$PATH ; + $_ = $PATH; &ErrBadPath unless &ValidPath ; # Check for server spoofing #__________________________________________________________ *************** *** 108,113 **** --- 109,117 ---- sub ValidPath { + # suggested by drazvan@kappa.ro + if (/[|;]/) { return '' }; + return 1 unless /\.\./ ; return '' if /^\.\./ ; *************** *** 117,120 **** --- 121,136 ---- return 1 ; } + sub ErrBadPath + { + print <<ENDOFTEXT ; + Content-type: text/html + <HEAD><TITLE>404 Not Found</TITLE></HEAD> + <BODY><H1>404 Not Found</H1> + The requested URL $PATH was not found on this server.<P> + </BODY> + ENDOFTEXT + + die ; + }
Please go to SGI support at http://support.sgi.com for official patches from Silicon Graphics for this and any other vulnerabilities.
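Review bot: In the first hunk (handler lines 26-32), the added $_ = $PATH; overwrites the global $_ without local, and it comes after $doc = $ROOT.$PATH ; has already been built from the unvalidated path. Move the validation above the $doc assignment so nothing derived from $PATH exists before the check passes, and either write local $_ = $PATH; or pass the path to ValidPath as an argument so the check does not depend on whatever happens to be in $_ at the call site.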
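Review bot: In the second hunk (sub ValidPath, lines 109-117), the new test /[|;]/ is a denylist of exactly two characters, so every other character that is special to a shell or to Perl's two-argument open still passes ValidPath. Prefer an allowlist of the characters a document path can legitimately contain, for example return '' unless m{^[\w./-]+$}; placed ahead of the existing ".." checks, and add a comment stating why | and ; are rejected, since "suggested by drazvan@kappa.ro" records who proposed the line but not what it defends against.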
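Review bot: In the third hunk (sub ErrBadPath, lines 121-136), $PATH is interpolated into the HTML body unescaped, and this is precisely the value that has just failed validation, so request-controlled markup is reflected back to the client. Escape &, <, > and " before printing it, or leave the path out of the message. The here-document also has no blank line between Content-type: text/html and <HEAD>, so the CGI header block is never terminated, and there is no Status: 404 Not Found line, so the page says 404 while the response status is left to the server. Consider exit in place of die ; once the response is written, so the rejection does not depend on how die output is handled.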