WebTen
Re: Apache Vulnerability in WebTen
On Mon, 24 Jun 2002, Robert Brandtjen wrote:
> On Monday 24 June 2002 01:35 pm, you wrote:
> > By "execute arbitrary code", we mean exactly that -- any code that a
> > hacker thinks up can be executed. So, in short, the answer to your
> > question is "yes".
>
> Well, not exactly - you have to have the available binaries as well - the
> hacker (not really a hacker, let's say script kiddie more likely) will think
> they are on a nix box and attempt to execute commands which don't exist in
> WebTen - it's not like he can access "root's" password or create an account,
> since there are no tools with which to do it. Even if he could, there are no
> tools such as telnet and SSH to allow further remote access.
>
> Most he can do is toss the files, even then, I'm not sure he really can trash
> them.

Robert,

It's not a matter of whether or not WebTen has certain "commands"
available. It would be certainly possible for a hacker to "install"
certain commands on a victimized system in the /tmp directory (to which
all users have access), and run them. Since any installed command could
only be run by user nobody, damage would be limited.

This possibility further underscores the point of the need to upgrade as
soon as possible.

Erik.
--
Erik Lotspeich Lead Engineer
Tenon Intersystems erik@xxxxxxxxx
1123 Chapala Street Ste 200 805-963-6983
Santa Barbara, CA 93101-3142 http://www.tenon.com/
Copyright©2003 Tenon Intersystems, 232 Anacapa Street, Suite 2A, Santa Barbara,
CA 93101. All rights reserved.