Subject: pkg/11165: Global-3.55 has a security hole that allows world-wide executable cgi.
To: None <gnats-bugs@gnats.netbsd.org>
From: None <shigio@tamacom.com>
List: netbsd-bugs
Date: 10/08/2000 06:11:11
>Number: 11165
>Category: pkg
>Synopsis: Global-3.55 has a security hole that allows world-wide executable cgi.
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Oct 08 06:11:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Shigio Yamaguchi
>Release: N/A
>Organization:
Tama Communications Corporation
>Environment:
All environments.
>Description:
Almost all commands are world-executable through the form if you publish
the hypertext generated by htags with the -f option.
>How-To-Repeat:
Please input the following six characters in the search form and
push the [Search] button (please input '"' as a character):
";ls;"
It will show the result of the ls command. If you input ";cat /etc/passwd;"
then it will show the contents of /etc/passwd.
>Fix:
Replace global-3.55 with global-3.56 or 4.0.1 and regenerate hypertext.
http://www.tamacom.com/global/global-3.56.tar.gz
http://www.tamacom.com/global/global-4.0.1.tar.gz
If you just want to close the security hole urgently, please
modify the file 'HTML/cgi-bin/global.cgi' in the generated hypertext
with your editor.
Around line 35:
$pattern =~ s/'//g; # to shut security hole
|
v
$pattern =~ s/"//g; # to shut security hole
>Release-Note:
>Audit-Trail:
>Unformatted:
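
The following is an added example, not code from GLOBAL, htags or the report above. It applies the two filters quoted in the Fix section to the report's own test string, then shows a list-form pipe open that keeps the value out of a shell altogether. It assumes the CGI places the value between double quotes on a shell command line; shell_line, valid_pattern, run_without_shell and the perl child used as a stand-in for the real command are hypothetical.

```perl
#!/usr/bin/perl
# Added example; none of this is taken from global.cgi itself.
use strict;
use warnings;

# The two filters quoted in the report (around line 35 of global.cgi).
sub filter_355   { my ($p) = @_; $p =~ s/'//g; return $p; }  # before the fix
sub filter_fixed { my ($p) = @_; $p =~ s/"//g; return $p; }  # urgent fix

# ASSUMPTION: the CGI wraps the value in double quotes on a shell command line.
# This only builds the string so it can be inspected; nothing is executed.
sub shell_line { my ($p) = @_; return qq{global "$p"}; }

# Hypothetical stricter check: identifier-like values only, so a leading
# dash (option injection) and every quoting character are refused.
sub valid_pattern {
    my ($p) = @_;
    return defined $p && $p =~ /\A[A-Za-z_][A-Za-z0-9_]{0,63}\z/;
}

# List-form pipe open: the arguments go straight to exec(), no shell parses
# them. The child is perl itself ($^X), a stand-in for the real command.
sub run_without_shell {
    my ($p) = @_;
    open(my $fh, '-|', $^X, '-e', 'print "<$ARGV[0]>\n"', $p)
        or die "cannot start child: $!";
    my $out = do { local $/; <$fh> };
    close($fh) or die "child exited with status $?";
    return $out;
}

my $input = '";ls;"';   # the six characters from How-To-Repeat

print "3.55 filter  -> ", shell_line(filter_355($input)),   "\n";
print "fixed filter -> ", shell_line(filter_fixed($input)), "\n";
print "allow-list   -> ", (valid_pattern($input) ? "accepted" : "rejected"), "\n";
print "no shell     -> ", run_without_shell($input);
```

Comparing the first two output lines shows where the quoted argument ends under each filter. The last line shows the child receiving the whole string as a single argument.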