Problem with CGI Telnet
Posted by hamed23100, 03-10-2014, 11:27 AM |
One of our customers uploaded a file (CGI telnet), and can go to the following places:
cd /
ls /
ls /scripts
ls /root
ls /bin
and many other places on the server.
Also he can see:
cat /etc/passwd
How can I prevent the user?
Is this normal? Or is it a security problem?
I found this problem on many Linux servers... what can I do about it?
I asked the Liquidweb management team about this for the server I have there, and they answered as follows. I am sure they do their best, but I want to make sure whether in such a case the server is secure or whether it is a security issue:
/bin contains the files that are needed for a customer to run commands such as ls, cat, vim, tar, etc. Each of those is actually a small program that is stored in the /bin directory. If a user did not have read and execute permissions on the /bin directory, they would not be able to execute Linux commands. It would be a security issue if a user were able to write to the /bin directory and change the files there, but as I demonstrated in the previous reply that is not possible.
I am not able to access the new link you provided, it times out for me. However, users often require read access to /etc as well, as many configuration files reside there. Again, the user with the shell does not have write access to /etc. /etc/passwd does not have particularly sensitive information, just the names and ID numbers of users on the server. There are no actual passwords stored there; those are in /etc/shadow, which I have confirmed that this user does not have access to.
|
Posted by mixmox, 03-11-2014, 02:49 AM |
You have to ask admins to manage your server instead of using stupid tutorials on the internet. To prevent CGI, Perl and other scripts from executing these commands,
you can use cxs and also an antivirus to scan your data,
and also disable CGI access.
|
Posted by hamed23100, 03-11-2014, 07:03 AM |
Hi,
What about free CMSes like Joomla, WordPress, e107, don't they need CGI? Also, I don't think disabling CGI is a solution for this problem!
|
Posted by actsupport, 03-12-2014, 01:14 AM |
If a client has installed a CGI telnet script, then there is a possibility of a server threat. You can prevent them by:
Disable the perl function, or change the permission and ownership of /usr/bin/perl in such a way that it cannot be executed.
If you do not offer any CGI to the client, then kindly disable it on the server.
|
Posted by martijnatlico, 03-12-2014, 03:33 AM |
Your webserver configuration determines as which user the CGI script is run. It's up to you to make sure that this is an unprivileged user; in that way he cannot do much harm. Make sure all permissions on your files are correct so that the CGI script cannot be used to access source files with stuff like database credentials, because then it could be harmful. Your server administrator is correct in that the current situation (/bin accessible, /etc/shadow not) is a sane configuration that poses no threat.
This issue is not limited to CGI scripts by the way, there are also many PHP scripts that offer the same functionality.
|
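The file-permission check recommended in the reply above, as an added example that is not part of the thread: a Python audit that lists what a given unprivileged account could write to, or which credential-bearing files it could read, under a directory tree. The function names and the entries in `SENSITIVE_NAMES` are assumptions made for this example, and it evaluates classic owner/group/other mode bits only (no ACLs, no check of parent-directory search permission).

```python
import os
import stat
import sys

# Assumed examples of file names that often hold database credentials.
SENSITIVE_NAMES = {"wp-config.php", "configuration.php", ".env"}

def allowed(st, uid, gids):
    """(readable, writable) for uid/gids, from the classic mode bits only."""
    if uid == st.st_uid:
        shift = 6          # owner bits
    elif st.st_gid in gids:
        shift = 3          # group bits
    else:
        shift = 0          # "other" bits
    bits = (st.st_mode >> shift) & 0o7
    return bool(bits & 4), bool(bits & 2)

def audit(root, uid, gids=frozenset()):
    """Return sorted (issue, relative path) pairs for files uid does not own."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode) or st.st_uid == uid:
                continue   # skip symlinks and the account's own files
            readable, writable = allowed(st, uid, gids)
            rel = os.path.relpath(path, root)
            if writable:
                findings.append(("writable", rel))
            if readable and name in SENSITIVE_NAMES:
                findings.append(("readable-secret", rel))
    return sorted(findings)

if __name__ == "__main__":
    import pwd
    # Usage: audit.py <directory> <user the web server runs CGI scripts as>
    entry = pwd.getpwnam(sys.argv[2])
    groups = set(os.getgrouplist(entry.pw_name, entry.pw_gid))
    for issue, rel in audit(sys.argv[1], entry.pw_uid, groups):
        print(f"{issue}\t{rel}")
```

An empty result for the account the web server runs CGI scripts as means the mode bits give that account no write access to other users' files and no read access to the listed configuration files.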
Posted by khunj, 03-12-2014, 04:49 AM |
Are you sure your user can view the content of the /root folder (ls /root)?
Regarding other commands, Liquidweb answered your question.
|
Posted by hamed23100, 03-12-2014, 06:47 AM |
Hi,
ls /root does not work: permission denied
ls / works
So you say it is not a problem? I am very worried. How can I check if the server is really secure? Is there any special file or function that I can check to make sure the server is safe? How come some other servers give a "not found" error for cat /bin/sync, while this file exists, and my server shows the content of this file?
|