COMMAND

    viewsrc.cgi

SYSTEMS AFFECTED

    viewsrc.cgi 2.0

PROBLEM

    Joe  Testa  found  following.   viewsrc.cgi  v2.0 is a source-code
    viewing CGI script.  A vulnerability exists which allows a  remote
    user to view any file on the server.

    The following URL demonstrates the problem:

        http://localhost/cgi-bin/viewsrc.cgi?loc=../[any file outside restricted directory]

SOLUTION

    Apply the following patch to viewsrc.cgi:

    53a54,56
    > $FORM{'loc'} =~ s/\.\.//g;
    > $FORM{'loc'} =~ s/\\//g;
    > $FORM{'loc'} =~ s/\///g;
    65c68
    <          open (INHTML, "$predo") or die &err_loc;
    ---
    >          open (INHTML, "<$predo") or die &err_loc;

    This  patch  removes  any  '..',  '/',  or  '\'s  present  in  the
    $FORM{'loc'} variable.  It also makes the open() command safer  by
    using the '<' read-only specifier.

    Official fix expected.