J-Security Center

Title: Bajie Arbitrary Shell Command Execution Vulnerability

Severity: HIGH

Description:

A flaw in Bajie makes it possible for an attacker to execute commands on a Unix system running Bajie Webserver.

Unfortunately Bajie does not verify that a file exists before executing it.

When HTTP requests for a file 'within' the /cgi/bin/ path are received, Bajie attempts to locate and execute the file as a CGI program. It does this using a function similar to system() or popen(), passing the filename to /bin/sh.

Bajie neither ensures that the requested file exists nor validates the requested filename before passing it to the shell to be executed.

If any metacharacters exist in the request, they will be interpreted and acted upon by the shell. It is thus possible for an attacker to have arbitrary commands executed if they are included in the CGI 'filename' after a metacharacter such as ';' or '|'.

Successful exploitation of this vulnerability could lead to a remote attacker gaining access to the host running Bajie.
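The two checks the description says are missing (filename validation and an existence check), together with launching the program without a shell, can be sketched as follows. This is an added example, not Bajie's code or a vendor patch; the class name `CgiLauncher`, its methods, the allowlist pattern and the temporary directory are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.regex.Pattern;

public class CgiLauncher {
    // Allowlist for one path component: letters, digits, '.', '_' and '-'.
    // Shell metacharacters such as ';' and '|', and '/' are all outside it.
    private static final Pattern SAFE_NAME = Pattern.compile("[A-Za-z0-9][A-Za-z0-9._-]*");

    /** Maps a requested CGI name to an existing executable under root, or throws. */
    static Path resolve(Path root, String name) throws IOException {
        if (name == null || !SAFE_NAME.matcher(name).matches())
            throw new IOException("invalid CGI name");
        Path realRoot = root.toRealPath();
        Path candidate = realRoot.resolve(name);
        if (!Files.isRegularFile(candidate))          // the existence check the advisory says is missing
            throw new IOException("no such CGI program");
        Path real = candidate.toRealPath();            // follow symlinks before the containment check
        if (!real.startsWith(realRoot) || !Files.isExecutable(real))
            throw new IOException("not an executable inside the CGI directory");
        return real;
    }

    /** Starts the program directly: one argv element, no /bin/sh to interpret the name. */
    static Process launch(Path root, String name) throws IOException {
        ProcessBuilder pb = new ProcessBuilder(resolve(root, name).toString());
        pb.environment().clear();                      // CGI variables would be set explicitly here
        pb.redirectErrorStream(true);
        return pb.start();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: a temporary CGI directory with one program in it.
        Path root = Files.createTempDirectory("cgi-bin");
        Files.createFile(root.resolve("hello.cgi")).toFile().setExecutable(true);
        String[] requests = {"hello.cgi", "missing.cgi", "hello.cgi;x", "hello.cgi|x", "../hello.cgi"};
        for (String r : requests) {
            try {
                System.out.println(r + " -> " + resolve(root, r));
            } catch (IOException e) {
                System.out.println(r + " -> refused: " + e.getMessage());
            }
        }
    }
}
```

Either measure alone narrows the flaw; using both means a request is refused before any process is created, and a name that does pass is never parsed by a shell.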

Affected Products:

  • Bajie Java HTTP Server 0.78.0
