COMMAND

    Pagelog.cgi

SYSTEMS AFFECTED

    Pagelog.cgi

PROBLEM

    Mark Stratman found the following. There is a small bug in PAGELOG.cgi
    by Metertek which allows users to create and view files. Any file on
    the system with a '.log' extension readable by the uid/gid of the
    webserver can be viewed. In addition, two files with extensions of
    '.txt' and '.log' can be created in any directory on the system that
    is writable by the web server. This bug lies in the failure of the
    script to check for directory traversal.

    Proofs of concept:

    Viewing a '.log' file:
    ======================
    - Create a file 'a.log' in /tmp.
    - http://server/cgi-bin/pagelog.cgi?display=../../../../tmp/a
    - This will let you view a.log

    Creating files:
    ===============
    - http://server/cgi-bin/pagelog.cgi?name=../../../../../tmp/blah
    - This will create blah.txt and blah.log in /tmp/

SOLUTION

    Nothing yet.
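    What the missing traversal check looks like, shown here as an added
    Python example (this is not Metertek's code and not a vendor fix; the
    log directory path and the function names are assumptions). It places
    the script's unchecked path construction beside a checked version and
    runs both against the two proof-of-concept values above.

```python
import os
import re

# Directory the script is meant to serve logs from. The advisory names no
# path, so this is an assumed placeholder.
LOG_DIR = "/var/www/pagelog"

# Whitelist for the raw parameter: letters, digits, underscore, hyphen only.
# With no '/' and no '.', neither '..' nor an absolute path can get through.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")


def unchecked_path(param, ext=".log"):
    """Mirror of the bug the advisory describes: the parameter is glued onto
    the directory and the extension appended, with no traversal check."""
    return LOG_DIR + "/" + param + ext


def checked_path(param, ext=".log", log_dir=LOG_DIR):
    """Return the path to open, or None if the parameter must be refused.

    Two independent checks: a whitelist on the raw parameter, then a
    containment check on the normalised result. Either one stops the two
    PoCs above; the second also covers symlinks the whitelist cannot see.
    """
    if not SAFE_NAME.fullmatch(param):
        return None
    base = os.path.realpath(log_dir)
    candidate = os.path.realpath(os.path.join(base, param + ext))
    # commonpath rather than startswith, so /var/www/pagelog2 is not accepted.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def escapes(path, log_dir=LOG_DIR):
    """True if the normalised path lies outside log_dir."""
    base = os.path.realpath(log_dir)
    return os.path.commonpath([base, os.path.realpath(path)]) != base


if __name__ == "__main__":
    # The two PoC values from the advisory, plus an ordinary name.
    for p in ("a", "../../../../tmp/a", "../../../../../tmp/blah"):
        print(f"{p!r:28} unchecked -> {unchecked_path(p)}")
        print(f"{'':28} checked   -> {checked_path(p)}")
```

    The whitelist alone would have been enough for the two PoCs; the
    containment check is what protects a deployment whose log directory
    contains symlinks or whose callers bypass the whitelist later.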