COMMAND

    alibaba

SYSTEMS AFFECTED

    Those using Alibaba

PROBLEM

    Kerb found the following new bugs.  Using specially formed URLs,
    he was able to list, view, create, delete, and/or execute any file
    he wanted.  Here are a few examples:

        http://www.victim.com/cgi-bin/get32.exe|echo%20>c:\command.com

    allows the command.com file to be overwritten.  No explanation
    necessary there.  Also, he was able to echo machine code bytes
    into a file, so the possibility of a trojan enters the picture.
    If one has FTP running, it wouldn't be much more than a trivial
    task to write a URL that copies the trojan binary into the CGI
    directory and point your browser at the trojan to execute it.
    Or even easier, just create a URL that will write the binary data
    of the trojan into an EXE right in the CGI directory.

        http://www.victim.com/cgi-bin/alibaba.pl|dir

    gives a directory listing of all files in the CWD, which happens
    to be the CGI directory.  This could be useful for a couple of
    things.  One, finding out the full path to the CGI directory, for
    use with exploits such as the one listed before this one.  Another
    would be to find files for overwriting (using the > operator) or
    executing.  Another possible use would be to list all *.pwl files
    in the windows directory.

        http://www.victim.com/cgi-bin/tst.bat|type%20c:\windows\win.ini

    This URL allows viewing the entire contents of the
    c:\windows\win.ini file.  No explanation necessary there.

    Kerb chose those 3 CGIs (out of the 15 that came with his install)
    because they are of different types: an EXE, a PL, and a BAT.
    Basically, the examples he used above are just ideas of what CAN
    be done.

SOLUTION

    Seems nothing will change.
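
    With no fix expected, requests of the shape shown above can at
    least be spotted in the web server's access log.  The Python code
    below is an added example, not part of the original advisory.  It
    assumes Common Log Format logs and a /cgi-bin/ prefix; the function
    names, the sample log lines, and the extra operators < and & are
    constructed for illustration.

```python
import re
from urllib.parse import unquote

# '|' and '>' are the operators used in the advisory's URLs; '<' and '&'
# are added as an assumption about other cmd.exe operators worth flagging.
META = re.compile(r"[|<>&]")
# Request field of a Common Log Format line (log format is an assumption).
REQUEST = re.compile(r'"[A-Z]+ ([^\s"]+)')

def decode_path(raw, rounds=3):
    """Percent-decode repeatedly so '%7C' and '%257C' both become '|'."""
    for _ in range(rounds):
        decoded = unquote(raw)
        if decoded == raw:
            break
        raw = decoded
    return raw

def check_line(line, cgi_prefix="/cgi-bin/"):
    """Return (client, script, injected) for a CGI request whose path carries
    a shell operator, else None. The query string is ignored on purpose:
    '&' is normal there, and the advisory's URLs put the operator in the path."""
    m = REQUEST.search(line)
    if not m:
        return None
    path = decode_path(m.group(1).split("?", 1)[0])
    if not path.lower().startswith(cgi_prefix):
        return None
    op = META.search(path)
    if not op:
        return None
    return (line.split()[0], path[:op.start()], path[op.start():])

def scan(log_text):
    """Collect findings for every line of an access log."""
    return [hit for hit in map(check_line, log_text.splitlines()) if hit]

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = r'''
192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /cgi-bin/get32.exe|echo%20>c:\command.com HTTP/1.0" 200 0
192.0.2.10 - - [01/Jan/2000:10:00:05 +0000] "GET /cgi-bin/alibaba.pl%7Cdir HTTP/1.0" 200 512
192.0.2.11 - - [01/Jan/2000:10:01:00 +0000] "GET /cgi-bin/tst.bat?name=a&x=b HTTP/1.0" 200 120
192.0.2.12 - - [01/Jan/2000:10:02:00 +0000] "GET /index.html HTTP/1.0" 200 2048
'''

if __name__ == "__main__":
    for client, script, injected in scan(SAMPLE_LOG):
        print(f"{client} {script} <- {injected!r}")
```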