Summary
RedHat Linux 6.0 installs by default a squid cache manager cgi script with no restricted access permissions. This script could be used to perform a port scan from the cgi-host machine.
Solution
If you are not using the box as a Squid www proxy/cache server then uninstall the package by executing:
/etc/rc.d/init.d/squid stop
rpm -e squid
If you want to continue using the Squid proxy server software, make the following actions to tighten security access to the manager interface:
mkdir /home/httpd/protected-cgi-bin
mv /home/httpd/cgi-bin/cachemgr.cgi /home/httpd/protected-cgi-bin/
And add the following directives to /etc/httpd/conf/access.conf and srm.conf:
--- start access.conf segment ---
# Protected cgi-bin directory for programs that
# should not have public access
order deny,allow
deny from all
allow from localhost
#allow from .your_domain.com
AllowOverride None
Options ExecCGI
--- end access.conf segment ---
--- start srm.conf segment ---
ScriptAlias /protected-cgi-bin/ /home/httpd/protected-cgi-bin/ --- end srm.conf segment ---
Severity
Classification
-
CVE CVE-1999-0710 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AWStats configdir parameter arbitrary cmd exec
- AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
- ASP Inline Corporate Calendar SQL injection
- Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities
- 68designs 68kb Multiple Remote File Include Vulnerabilities