HTTP CGI Shell

CAN-1999-0509

Impact

By exploiting this vulnerability, a malicious user may be able to execute arbitrary commands on a remote system. In some cases, the hacker may be able to gain root level access to the system, in which case the hacker might be able to cause copious damage to the system, or use the system as a jumping off point to target other systems on the network for intrusion and/or denial of service attacks.

Background

The vulnerability lies in the fact that certain UNIX shells may reside in a web server's /cgi-bin directory (the directory in which a web server stores executable files). A UNIX shell acts as the user interface to the system. In other words, much like the command.com file on Windows/MS-DOS systems, UNIX shells handle inputs from the user and then pass them on to the kernel for processing. Also, when a process, or program, needs to display information to the user, the output is passed to the shell from the kernel, which then presents that information to the user. Some of the more common shells found on UNIX systems include csh, bash, zsh, ash, ksh, sh and tcsh.

The Problem

A malicious user may be able to access the shells found in the /cgi-bin directory. Using the shells, the hacker might be able to interact with the system just as any authorized user would be able to do (and bypass all system security in the process). Furthermore, if the hacker is able to gain root privileges, the consequences could be dire indeed: modified/deleted system files, compromised information and deleted file systems could be the result.

Resolution

The fix for this vulnerability is simply to remove any shell files present in the cgi-bin directory, and to remove any links to those files as well. It is important to remember that a shell file should never be present in the /cgi-bin directory.
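An added example (not part of the original advisory) of how an administrator might audit a cgi-bin directory for the shells and links to shells described above before removing them. It assumes a POSIX sh with the `readlink` utility, and builds a constructed throwaway cgi-bin to run against.

```shell
#!/bin/sh
# Audit a cgi-bin directory for UNIX shells (CAN-1999-0509). Added example,
# not from the advisory. Lists offending entries; it does not delete anything.
# Assumes POSIX sh and 'readlink' (present in GNU coreutils and the BSDs).

# Common shell names listed in the advisory.
SHELL_NAMES="sh bash csh tcsh ksh zsh ash"

# find_cgi_shells DIR
# Prints every entry in DIR whose name is a shell, or that is a symlink whose
# target's basename is a shell (the "links to those files" the fix mentions).
find_cgi_shells() {
    dir=$1
    for entry in "$dir"/*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue   # empty glob or dangling link
        name=$(basename "$entry")
        target=$name
        if [ -L "$entry" ]; then
            target=$(basename "$(readlink "$entry")")
        fi
        for s in $SHELL_NAMES; do
            if [ "$name" = "$s" ] || [ "$target" = "$s" ]; then
                printf '%s\n' "$entry"
                break
            fi
        done
    done
    return 0
}

# count_cgi_shells DIR: number of offending entries, usable as a check in scripts.
count_cgi_shells() {
    find_cgi_shells "$1" | wc -l | tr -d ' '
}

# make_sample_cgi_bin DIR: constructed sample data for the demonstration only.
make_sample_cgi_bin() {
    mkdir -p "$1"
    printf '#!/usr/bin/perl\n' > "$1/counter.pl"   # legitimate CGI script, not flagged
    : > "$1/bash"                                   # stand-in for a copied shell binary
    ln -s /bin/sh "$1/run"                          # innocuously named link to a shell
}

demo=$(mktemp -d)
make_sample_cgi_bin "$demo/cgi-bin"
find_cgi_shells "$demo/cgi-bin"     # prints .../cgi-bin/bash and .../cgi-bin/run
echo "offending entries: $(count_cgi_shells "$demo/cgi-bin")"
rm -rf "$demo"
```

Run it against the real cgi-bin path instead of the constructed directory; anything it lists should be removed as the resolution describes.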

Where can I read more about this?

A good source of information about different security issues is the Linux Documentation Project. This site also contains information about the different shells and shell commands discussed in this tutorial. Other good sources of information for security issues include CERT and CIAC.