[mrtg] directory traversal problems with 14all.cgi
Greg.Volk at edwardjones.com
Greg.Volk at edwardjones.com
Wed Feb 6 17:28:34 MET 2002
A coworker of mine recently demonstrated to me that the way I
currently have 14all.cgi configured, it is vulnerable to a
directory traversal attack. What he couldn't tell me, and I
couldn't figure out on my own, is how to remedy this problem.
The following line currently displays the first line of my
/etc/hosts to anyone who wants to know. Not a big deal, since
this is not a publically accessible server, but something I
would like to fix nonetheless.
http://mrtgserver/cgi-bin/14all.cgi?cfg=../../../../../../../../etc/hosts
My question is what can I do to fix this?
Am I looking at an httpd misconfiguration?
Incorrect permissions for user "nobody?"
A 14all misconfiguration?
Is anybody else having this problem?
I looked through the archives and ran several queries against
google looking for more info about this but didn't find anything.
--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive http://www.ee.ethz.ch/~slist/mrtg
FAQ http://faq.mrtg.org Homepage http://www.mrtg.org
WebAdmin http://www.ee.ethz.ch/~slist/lsg2.cgi
More information about the mrtg
mailing list