Here are some possible solutions for the items enumerated and described by Mr. Alex Hernandez in his "Colbalt-RAQ-v4-Bugs&Vulnerabilities" message.

------------------------
1. CROSS SITE SCRIPTING.
------------------------

Possible workaround:

Instead of deleting or disabling the "service.cgi" file, edit the file and add a line that strips out HTML tags. Something like this:

    $service =~ s/<([^>])*>//g;

This may be added after this line in the code:

    my $service = $q->param('service');

-----------------------------
2. TRAVERSAL VULNERABILITIES.
-----------------------------

Possible workaround:

Create an .htaccess file in the /usr/admserv/html directory with the following entry:

    <Files .htaccess>
    Order allow,deny
    Deny from all
    </Files>

This should prevent all .htaccess files from being viewed by any web browser.

---------------------
3. DENIAL OF SERVICE.
---------------------

Possible workaround:

Again, in the "service.cgi" file, add a simple check for the length of the string passed. In this example, if the string is > 500 chars, the program exits.

    if (length($service) > 500) { exit; }

Hope this info somehow helps.

Peter N. Go
Site Owner/Administrator
CGI City - http://CGI-City.net/
mailto:cgicity@icthus.net
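An added example, not part of the original message and not the Cobalt service.cgi source: it combines the length check from item 3 with HTML-entity encoding as an alternative to the tag-stripping line in item 1, and prints both results side by side. The stripping regex only removes text between a "<" and a matching ">", so a "<" with no closing ">" passes through unchanged. The sub names, the sample inputs and the assumption that the script echoes $service back into an HTML page are hypothetical.

```perl
#!/usr/bin/perl
# Added example; sanitize_service(), html_escape() and the inputs below
# are hypothetical and constructed for illustration.
use strict;
use warnings;

my $MAX_LEN = 500;    # same limit as the length check in item 3

# Encode the HTML-significant characters so the value is inert when
# it is printed into a page.
sub html_escape {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Returns the value that is safe to print, or undef if it is rejected.
sub sanitize_service {
    my ($service) = @_;
    return unless defined $service;             # parameter missing
    return if length($service) > $MAX_LEN;      # item 3: reject oversize input first
    return html_escape($service);               # item 1: encode instead of strip
}

# Constructed inputs.
my @samples = (
    'httpd',
    '<b>httpd</b>',
    '<b unterminated',      # no closing '>': the stripping regex does not match
    'x' x 501,              # one character over the limit
);

for my $in (@samples) {
    (my $stripped = $in) =~ s/<([^>])*>//g;     # the workaround line from item 1
    my $safe = sanitize_service($in);
    printf "in=%-18.18s stripped=%-18.18s escaped=%s\n",
        $in, $stripped, defined $safe ? $safe : '(rejected)';
}
```

In a CGI script, the rejected case would return an error page instead of printing the value.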