SGI Webdist CGI script allows remote command execution

Risk Level: High

Check or Attack Name: Webdist

Platforms: IRIX: 5.3, IRIX: 6.0.1, IRIX: 6.1, IRIX: 6.2, IRIX: 6.3, IRIX: 6.4, IRIX: 6.0, Common Gateway Interface (CGI)

Description:

The webdist.cgi program contains a vulnerability that allows a remote attacker to execute arbitrary commands on a remote machine with the privileges of the user owning the server process. The webdist program is part of the Outbox Environment Subsystem for IRIX, installed by default on all SGI systems running IRIX 6.2 or newer. Older versions of IRIX may have this package optionally installed.

Remedy:

Disable the scripts included with the IRIX Outbox Environment Subsystem and obtain the patch(es) made available by SGI.

You can temporarily change permissions until the patch is applied:

  1. Become the root user on the system.
  2. Change the permissions on the programs by typing:
    /bin/chmod 400 /var/www/cgi-bin/webdist.cgi
    /bin/chmod 400 /var/www/cgi-bin/handler
    /bin/chmod 400 /var/www/cgi-bin/wrap
    With the permissions changed as above, these programs cannot be executed by any user.
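
An added example (not part of the original advisory or of SGI's patch material): a POSIX shell check that reports whether the three programs named above still carry any execute bit after the temporary chmod. The function names and output labels are assumptions; the default directory is the path used in the steps above.

```shell
#!/bin/sh
# Added example: audit the temporary chmod 400 workaround for the three
# Outbox CGI programs named in this advisory. Function names and output
# labels are assumptions made for this example.

WEBDIST_PROGRAMS="webdist.cgi handler wrap"

# Succeed if the file has an execute bit set for owner, group or other.
# find -perm tests the mode bits themselves, so the answer does not depend
# on which user runs the check (unlike `test -x`).
has_exec_bit() {
    [ -n "$(find -H "$1" -prune \( -perm -100 -o -perm -010 -o -perm -001 \) -print 2>/dev/null)" ]
}

# webdist_audit [DIR]
# Print one status line per program and return 1 if any of them can still
# be executed, 0 otherwise. DIR defaults to the path used in the advisory.
webdist_audit() {
    dir=${1:-/var/www/cgi-bin}
    exposed=0
    for prog in $WEBDIST_PROGRAMS; do
        path=$dir/$prog
        if [ ! -f "$path" ]; then
            echo "absent      $path"
        elif has_exec_bit "$path"; then
            echo "EXECUTABLE  $path"
            exposed=1
        else
            echo "disabled    $path"
        fi
    done
    return "$exposed"
}
```

After sourcing the file, run `webdist_audit`; a nonzero return means at least one of the programs is still executable and the workaround is incomplete.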

References:

Silicon Graphics Inc. Security Advisory 19970501-02-PX, IRIX webdist.cgi, handler and wrap programs, ftp://sgigate.sgi.com/security/19970501-02-PX

AUSCERT Advisory AA-97.14, SGI IRIX webdist.cgi Vulnerability, ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-97.14.SGI.webdist.cgi.vul

Silicon Graphics Inc. Security Advisory 19970501-01-A, Vulnerability in webdist.cgi, ftp://sgigate.sgi.com/security/19970501-01-A

CERT Advisory CA-97.12, Vulnerability in webdist.cgi, http://www.cert.org/advisories/CA-97.12.webdist.html

