IRIX handler CGI allows remote command execution

Risk Level: High

Check or Attack Name: Handler Check

Platforms: IRIX: 5.3, IRIX: 6.0.1, IRIX: 6.1, IRIX: 6.2, IRIX: 6.3, IRIX: 6.4, IRIX: 6.0, Common Gateway Interface (CGI)

Description:

The handler cgi-bin program contains a vulnerability that allows a remote attacker to execute arbitrary commands on a web server running a vulnerable version of the program. The handler program is part of the Outbox Environment Subsystem for IRIX, installed by default on all SGI systems running IRIX 6.2 or newer. Older versions of IRIX may have this package optionally installed.

Remedy:

Disable the scripts included with the IRIX Outbox Environment Subsystem and obtain the patch(es) made available by SGI.

To disable the scripts, follow these steps:

  • Log in as root on the vulnerable machine and type: # /bin/chmod 400 /var/www/cgi-bin/handler (assuming default install path of /var/www)
  • Log in as root on the vulnerable machine and remove the outbox subsystem: # /usr/sbin/versions -v remove outbox
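
To confirm that the steps above took effect, the following check reports whether the handler program can still be executed. It is an added example, not part of the SGI advisory or of this entry; the function names are hypothetical, and the default directory is the install path assumed above.

```shell
#!/bin/sh
# Added example: verify that the handler CGI has been disabled or removed.
# Function names are hypothetical; the default directory is the install
# path given in the remedy steps (/var/www/cgi-bin).

# Print the nine permission characters of a file as shown by `ls -l`,
# dropping the leading file-type character.
perm_string() {
    ls -ld "$1" | cut -c2-10
}

# check_handler [CGI_DIR]
# Prints one status word and sets the return code:
#   absent      (0)  the file is gone, e.g. the outbox subsystem was removed
#   disabled    (0)  the file exists but has no execute bit, e.g. mode 400
#   executable  (1)  at least one execute bit is still set
check_handler() {
    cgi_dir=${1:-/var/www/cgi-bin}
    target=$cgi_dir/handler

    if [ ! -e "$target" ]; then
        echo absent
        return 0
    fi

    # x = execute, s = setuid/setgid with execute, t = sticky with execute.
    case $(perm_string "$target") in
        *[xst]*) echo executable; return 1 ;;
        *)       echo disabled;   return 0 ;;
    esac
}
```

Call `check_handler` with no argument for the default path, or pass the cgi-bin directory of a non-default install; a return code of 1 means the program is still executable.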

Patches: Patches are available from ftp://sgigate.sgi.com/Patches for the following versions:

IRIX 5.3: #2315 available from ftp://sgigate.sgi.com/Patches/5.3/patch2315.tar.
IRIX 6.0.x: Upgrade system or use temporary fix.
IRIX 6.1: Upgrade system or use temporary fix.
IRIX 6.2: #2314 available from ftp://sgigate.sgi.com/Patches/6.2/patch2314.tar.
IRIX 6.3: #2338 available from ftp://sgigate.sgi.com/Patches/6.3/patch2338.tar.
IRIX 6.4: #2338 available from ftp://sgigate.sgi.com/Patches/6.4/patch2338.tar.

References:

Silicon Graphics Inc. Security Advisory 19970501-02-PX, IRIX webdist.cgi, handler and wrap programs, ftp://sgigate.sgi.com/security/19970501-02-PX

