August 20, 2001

SuSE: sdb vulnerability

Author: JT Smith

Posted at "Sdbsearch.cgi is Perl script which is part of the sdb package of SuSE Linux
was found vulnerable by using untrustworthy client input (HTTP_REFERER).
By exploiting this trust an attacker could force the sdbsearch.cgi script
to open a malicious keylist file which includes keywords and filenames.
By replacing the filename in the keylist file with the Perl pipe followed
by arbitrary shell commands the sdbsearch.cgi would execute these commands
when trying to open these 'filenames'.
Note, that the attacker needs local access to the machine to store the
keylist file on the server running sdbsearch.cgi. Misconfigured ftp
accounts, trojan tar balls or RPM files could also be used."


  • Linux
Click Here!