COMMAND

    Webcom's CGI Guestbook

SYSTEMS AFFECTED

    Win32

PROBLEM

    Mnemonix found following.   He reported a  while back on  Webcom's
    CGI  Guestbook  (wguest.exe  and  rguest.exe)  having  a number of
    security problems where any text based file on an NT machine could
    be read from the file  system provided the attacker knew  the path
    to the file and  the Anonymous Internet Account  (IUSR_MACHINENAME
    on IIS)  has the  NTFS read  right to  the file  in question.   On
    machines such as Windows  95/98 without local file  security every
    file is readable.   wguest.exe is used  to write to  the Guestbook
    and rguest.exe  is used  to read  from the  Guestbook.  To refresh
    memory, check:

        http://oliver.efri.hr/~crv/security/bugs/NT/httpd41.html

    Their latest version has made this simpler: a request for

        http://server/cgi-bin/wguest.exe?template=c:\boot.ini

    will return the remote Web server's boot.ini and

        http://server/cgi-bin/rguest.exe?template=c:\winnt\system32\$winnt$.inf

    will return the $winnt$.inf file.

SOLUTION

    Anybody using this Guestbook should remove it as soon as  possible
    and obtain another CGI Guestbook if you really need one.