BigIP - bigconf.cgi holes


Guy Cohen (guy@CRYPTO.ORG.IL)
Sun, 13 Jun 1999 22:18:20 +0300


Hello,

For those of you who don't know what BigIP is, it is software
developed by F5 labs to handle incoming traffic and redirect
it to a server within a group of servers.
It is installed on a BSDI system (maybe others too). Once it has been
installed you can configure it either by using a command line or by
using the html interface (an http server comes with the software).

The html interface basically operates one program, bigconf.cgi, which is
installed suid root. I have not spent much time learning how to exploit this
program, but from the bits I did, I was able to look at _any_ file
on the system simply by giving its name to the cgi program (with appropriate
parameters of course).

The risk here is not from the outside, as the http server is protected
by a password, but from internal users. Less risk, but still ...

F5 has been notified.

--
Guy Cohen.
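
The bug class reported above (a set-uid root program opening a file by a caller-supplied name) next to one way to guard against it, as an added example that is not from the original post and is not F5's code. The function names and the idea of a single configuration directory are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* The pattern the post describes, for contrast only: a set-uid root
 * program opening whatever name it is handed (hypothetical helper). */
int open_naive(const char *requested) { return open(requested, O_RDONLY); }

/* Permanently give up set-id privileges, group first. Afterwards the
 * process can only read what the invoking (real) user could already read. */
static int drop_to_real_ids(void)
{
    if (setgid(getgid()) != 0) return -1;
    if (setuid(getuid()) != 0) return -1;
    return 0;
}

/* Open `requested` read-only, only if it resolves to a path strictly
 * below `base_dir`. Returns a file descriptor, or -1 on any refusal. */
int open_confined(const char *base_dir, const char *requested)
{
    char base[PATH_MAX], joined[PATH_MAX], resolved[PATH_MAX];
    size_t n;

    if (drop_to_real_ids() != 0) return -1;
    if (requested[0] == '/') return -1;                /* no absolute paths */
    if (realpath(base_dir, base) == NULL) return -1;
    if (snprintf(joined, sizeof joined, "%s/%s", base, requested)
            >= (int)sizeof joined) return -1;          /* name too long */
    /* realpath() collapses "..", "." and symlinks before the prefix check */
    if (realpath(joined, resolved) == NULL) return -1;
    n = strlen(base);
    if (strncmp(resolved, base, n) != 0 || resolved[n] != '/') return -1;
    return open(resolved, O_RDONLY | O_NOFOLLOW);
}

int main(int argc, char **argv)
{
    if (argc != 3) return 2;             /* usage: prog <base_dir> <name> */
    int fd = open_confined(argv[1], argv[2]);
    puts(fd >= 0 ? "allowed" : "refused");
    return fd >= 0 ? 0 : 1;
}
```

The prefix check and the final open() are separate steps, so the base directory must not be writable by the users the check is meant to constrain.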


