[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[CVE-2018-14429] man-cgi < 1.16 Local File Include

To: "bugtraq@xxxxxxxxxxxxxxxxx" <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: [CVE-2018-14429] man-cgi < 1.16 Local File Include
From: eL_Bart0 <eL_Bart0@xxxxxxxxxxxxx>
Date: Wed, 08 Aug 2018 07:58:48 +0000

man-cgi before 1.16 allows Local File Inclusion via absolute path traversal. If 
an Attacker provides a Filename as a Parameter (e.g.  
https://example.org/cgi-bin/man-cgi?/etc/passwd) the Script will read  and 
return the local file. This is happening because of the way the Script calls 
the "man" command. Tests have shown that "man /some/random/file" (depending on 
it's  configuration) will first try to locate a manual page for the given  
Parameter and will fallback to reading the file provided by the Parameter if it 
wasn't able to find the requested manual page.

The Author of the Script was contacted and was kind enough to provide a bugfix 
Version. You can find the bugfix Version here: 
http://users.softlab.ntua.gr/~christia/man-cgi.html

[Vendor of Product]
Panagiotis Christias (http://users.softlab.ntua.gr/~christia/)

[Affected Product Code Base]
man-cgi < 1.16

[Attack Type]
Remote

[Impact Information Disclosure]
True

[Attack Vectors]
HTTP(s) Request

[Has vendor confirmed or acknowledged the vulnerability?]
True

Prev by Date: New VMSA-2018-0019 - Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability
Next by Date: CA20180802-01: Security Notice for CA API Developer Portal
Previous by thread: New VMSA-2018-0019 - Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability
Next by thread: CA20180802-01: Security Notice for CA API Developer Portal
Index(es):
- Date
- Thread