HTTP CGI Shell
CAN-1999-0509
Impact
By exploiting this vulnerability, a malicious user may be able to execute arbitrary commands on a remote system. In some cases the hacker may be able to gain root-level access to the system, in which case the hacker might be able to cause extensive damage to the system, or use the system as a jumping-off point to target other systems on the network for intrusion and/or denial of service attacks.
Background
The vulnerability lies in the fact that certain UNIX shells may reside in a web server's /cgi-bin directory (the directory in which a web server stores executable files). A UNIX shell acts as the user interface to the system. In other words, much like the command.com file on Windows/MS-DOS systems, UNIX shells handle input from the user and then pass it on to the kernel for processing. Also, when a process, or program, needs to display information to the user, the output is passed to the shell from the kernel, which then presents that information to the user. Some of the more common shells found on UNIX systems include csh, bash, zsh, ash, ksh, sh and tcsh.
The Problem
A malicious user may be able to access the shells found in the /cgi-bin directory. Because the web server executes whatever is stored there, a request for one of these shells runs it on the server with the web server's privileges. Using the shells, the hacker might be able to interact with the system just as any authorized user would be able to do (and bypass all system security in the process). Furthermore, if the hacker is able to gain root privileges, the consequences could be dire indeed: modified or deleted system files, compromised information and deleted file systems could be the result.
Resolution
The fix for this vulnerability is simply to remove any shell files present in the cgi-bin directory, along with any links (including symbolic links) to those files. It is important to remember that a shell should never be present in the /cgi-bin directory.
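As an added example (not part of the original advisory), the following POSIX sh audit implements the check above: it lists every entry in a cgi-bin directory that is named like a shell, is a symlink whose target is named like a shell, or is the same file (hard link or symlink) as an installed shell binary. The shell name list, the install paths and the cgi-bin location are assumptions.

```shell
#!/bin/sh
# Audit a cgi-bin directory for copies of, or links to, UNIX shells
# (the CAN-1999-0509 exposure). Added example, not the advisory's own code.
# Assumes a POSIX sh whose [ ] supports -ef (dash, bash, ksh) and readlink.

# Shell names from the advisory plus common variants.
SHELL_NAMES="sh bash csh tcsh ksh zsh ash dash"

# Assumed install locations; only those present on the host are checked.
SHELL_PATHS="/bin/sh /bin/bash /bin/csh /bin/tcsh /bin/ksh /bin/zsh /bin/ash /bin/dash"

# is_shell_name NAME -> 0 if NAME is a known shell name
is_shell_name() {
    for n in $SHELL_NAMES; do
        [ "$1" = "$n" ] && return 0
    done
    return 1
}

# find_cgi_shells DIR -> prints "<path> <reason>" for every shell-like entry
find_cgi_shells() {
    dir=$1
    for f in "$dir"/* "$dir"/.*; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        base=${f##*/}
        case "$base" in .|..) continue ;; esac
        # 1. Named like a shell: a copied binary or a wrapper script.
        if is_shell_name "$base"; then
            printf '%s name\n' "$f"; continue
        fi
        # 2. Symlink whose target is named like a shell (dangling links too).
        if [ -L "$f" ]; then
            tgt=$(readlink "$f"); tbase=${tgt##*/}
            if is_shell_name "$tbase"; then
                printf '%s symlink->%s\n' "$f" "$tgt"; continue
            fi
        fi
        # 3. Hard link or symlink to an installed shell (same device and inode),
        #    whatever the entry is called.
        for s in $SHELL_PATHS; do
            if [ -e "$s" ] && [ "$f" -ef "$s" ]; then
                printf '%s same-file-as %s\n' "$f" "$s"; break
            fi
        done
    done
}

# Usage: sh audit.sh /path/to/cgi-bin
if [ $# -gt 0 ]; then find_cgi_shells "$1"; fi
```

Every path printed should be removed from the cgi-bin directory; an empty result means none of the three conditions matched.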
Where can I read more about this?
A good source of information about different security issues is the Linux Documentation Project. This site also contains information about the different shells and shell commands discussed in this tutorial. Other good sources of information for security issues include CERT and CIAC.