
Title: Vulnerability in GlimpseHTTP and WebGlimpse CGI scripts
Released by:
Date: 14th November 1997


Problem: Vulnerability in GlimpseHTTP 2.0 and
         WebGlimpse versions prior to 1.5

I. Description



A vulnerability exists in the GlimpseHTTP web search package.  A related
vulnerability exists in the WebGlimpse web search package prior to version
1.5 (the latest version).  These packages are popular collections of tools
that provide an easy-to-use interface to Glimpse, an indexing and query
system, to provide a search facility on web sites.

Due to insufficient argument checking by some GlimpseHTTP and older
WebGlimpse routines, intruders may be able to force them to execute arbitrary
commands with the privileges of the httpd process.  Attacks against
GlimpseHTTP using these vulnerabilities have been reported.

Similar attacks have been reported on other scripts, and it is a good idea
now to check all your CGI scripts.  For more information see

        http://info.cert.org/pub/cert_advisories/CA-97.25.CGI_metachar
        http://info.cert.org/pub/tech_tips/cgi_metacharacters



To check whether exploitation of this vulnerability has been attempted at
your site, search for unusual accesses to aglimpse in your access logs.
An example of how to do this is:

# egrep 'aglimpse.*IFS' {WWW_HOME}/logs/access_log

Where {WWW_HOME} is the base directory for your web server.

If this command returns anything, further investigation is necessary.
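
An added example, not part of the original advisory: a Python version of the
egrep check above that also URL-decodes each request before matching (a
generalization beyond the advisory's command) and groups hits by source host
and response status to help prioritize the further investigation. The log
lines, addresses and PLACEHOLDER value are constructed, and Common Log Format
is assumed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) \S+$')
# The advisory's egrep pattern, applied here to the URL-decoded request.
SUSPECT = re.compile(r'aglimpse.*IFS')

# Constructed sample lines (documentation addresses, not from a real server).
# PLACEHOLDER stands in for whatever followed IFS in a logged request.
SAMPLE_LOG = """\
192.0.2.10 - - [14/Nov/1997:10:01:02 -0700] "GET /cgi-bin/aglimpse?query=network HTTP/1.0" 200 5120
192.0.2.77 - - [14/Nov/1997:10:05:41 -0700] "GET /cgi-bin/aglimpse?IFS=PLACEHOLDER HTTP/1.0" 200 310
192.0.2.77 - - [14/Nov/1997:10:06:03 -0700] "GET /cgi-bin/aglimpse?%49FS=PLACEHOLDER HTTP/1.0" 404 0
198.51.100.4 - - [14/Nov/1997:10:07:15 -0700] "GET /cgi-bin/aglimpse?%49FS=PLACEHOLDER HTTP/1.0" 404 0
198.51.100.9 - - [14/Nov/1997:10:08:30 -0700] "GET /index.html HTTP/1.0" 200 2048
"""

def find_hits(lines):
    """Return (host, time, status, decoded_request) for each suspect line."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if m:
            host, when, request, status = m.groups()
            decoded = unquote(request)
            if SUSPECT.search(decoded):
                hits.append((host, when, int(status), decoded))
        elif SUSPECT.search(unquote(line)):
            # Not Common Log Format: keep the raw line rather than drop it.
            hits.append(("unknown", "unknown", 0, line))
    return hits

def summarize(hits):
    """Per source host: number of hits and whether any was answered 2xx."""
    summary = defaultdict(lambda: {"count": 0, "served": False})
    for host, _when, status, _request in hits:
        summary[host]["count"] += 1
        summary[host]["served"] |= 200 <= status < 300
    return dict(summary)

if __name__ == "__main__":
    hits = find_hits(SAMPLE_LOG.splitlines())
    for host, info in sorted(summarize(hits).items()):
        note = "answered 2xx, investigate first" if info["served"] else "no 2xx"
        print(f"{host}: {info['count']} hit(s), {note}")
    for hit in hits:
        print(hit)
```

To run it against a real log, pass the open file object for
{WWW_HOME}/logs/access_log to find_hits() in place of the sample lines.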



Up-to-date information regarding these vulnerabilities can be obtained from
the authors of GlimpseHTTP and WebGlimpse at

http://glimpse.cs.arizona.edu/security.html

Although the attacks against GlimpseHTTP have focused on version 2.0,
similar attacks may be possible on earlier versions.





II. Impact

Remote users may be able to execute arbitrary commands with the privileges
of the httpd process which answers HTTP requests.  This may be used to
compromise the http server and under certain configurations gain privileged
access.  Current attacks have concentrated on obtaining the /etc/passwd file
on systems that do not provide shadow passwords.





III. Solution

The authors have decided to stop supporting GlimpseHTTP, and instead have
released a new version (1.5) of WebGlimpse, which has most of the features
of GlimpseHTTP and many more.

Users of any version of GlimpseHTTP are encouraged to upgrade to the new
WebGlimpse.  Users of earlier versions of WebGlimpse are also encouraged to
upgrade, as version 1.5 is more robust and more secure.  WebGlimpse can be
found at http://glimpse.cs.arizona.edu/webglimpse/

For sites that cannot immediately install the current version of
WebGlimpse, it is recommended that you disable the version of GlimpseHTTP
or WebGlimpse you are using and use another script to interface to Glimpse.

Questions to the authors can be directed to glimpse@cs.arizona.edu













