[UNIX] sbox Information Disclosure Vulnerability

• Previous message: SecuriTeam: "[TOOL] Windows Reverse Shellcode (under 300 Bytes, no spaces, no NULLs)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: list@securiteam.com
Date: 29 Sep 2003 14:10:51 +0200

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

  sbox Information Disclosure Vulnerability
------------------------------------------------------------------------

SUMMARY

 <http://stein.cshl.org/WWW/software/sbox/> sbox is "a CGI wrapper script
that allows web site hosting services to safely grant CGI authoring
privileges to untrusted clients". A path disclosure vulnerability in the
product allows remote attackers to determine the path under which the CGI
directory is installed.

DETAILS

Vulnerable systems:
 * sbox version 1.04

When a query to a non-existent script in /cgi-bin is made, sbox displays
an error that reveals some information that should not be revealed, such
as physical path.

Example:
Requesting: http://your.vulnerable.site/cgi-bin/non-existent.pl

Returns:

Sbox Error
The sbox program encountered an error while processing this request.
Please note the time of the error, anything you might have been doing at
the time to trigger the problem, and forward the information to this
site's Webmaster (root@your.vulnerable.site).

    Stat failed. /home/jcf/cgi-bin/a.pl: No such file or directory

sbox version 1.04
$Id: sbox.c,v 1.9 2000/03/28 20:12:40 lstein Exp $

Vendor status:
The vendor has been contacted, currently no solution exist.

ADDITIONAL INFORMATION

The information has been provided by <mailto:e2fsck@bol.com.br> e2fsck.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

• Previous message: SecuriTeam: "[TOOL] Windows Reverse Shellcode (under 300 Bytes, no spaces, no NULLs)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]