SGI IRIX cgi-bin wrap directory listing vulnerability

Risk Level: Medium risk vulnerability  Medium

Check or Attack Name: Wrap Check
Platforms: IRIX: 5.3, IRIX: 6.0.1, IRIX: 6.1, IRIX: 6.2, IRIX: 6.3, IRIX: 6.4, IRIX: 6.0, Common Gateway Interface (CGI)
Description:

The wrap CGI program contains a vulnerability that allows a remote attacker to obtain a listing of files on the server. The information gleaned from this exploit could be used in later attacks. The wrap program is part of the Outbox Environment Subsystem for IRIX, installed by default on all SGI systems running IRIX 6.2 or newer. Older versions of IRIX may have this package optionally installed.
Remedy:

Disable the scripts included with the IRIX Outbox Environment Subsystem and obtain the patch(es) made available by SGI.
References:

Silicon Graphics Inc. Security Advisory 19970501-02-PX, IRIX webdist.cgi, handler and wrap programs, ftp://sgigate.sgi.com/security/19970501-02-PX
X-Force Logo
Know Your Risks