× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. September 2018

Re: Scanning IFS for the existance of a file.

The membership of OFS objects in the IFS is problematic for some commands.
Use a for statement to search from the root dirs that are *not* OFS
doohickeys.

e.g.,

cd /
for i in "www QOpenSys home" # add whatever dirs to this list you want to
search
do
find $i | grep "?guest.exe"
done

or something like that.

On Mon, Sep 24, 2018 at 7:07 AM Rob Berendt <rob@xxxxxxxxx> wrote:

I want to hunt down and find two files in the IFS. IDK if that IFS is a
symbolic link into /qsys.lib or not, I just want to find these. These
files are rguest.exe and wguest.exe. We're getting dinged on an audit
because of the existence of these files. I'm beginning to question
whether the audit is testing for the actual files, or the function they
perform and then "assume" it's one of those two files. After all, .exe
files aren't really an IBM i kind of thing.

My first foray was querying the output of RTVDIRINF. No luck.

Next I tried qsHell.
find / -name "*guest.*"
find: 001-0023 Error found opening file
/QSYS.LIB/PMEDHUSR.LIB/EDH_H1.DTAQ. Resource busy.
find: 001-0023 Error found opening file
/QSYS.LIB/PMEDHUSR.LIB/EDH_H2.DTAQ. Resource busy.
find: 001-0023 Error found opening file
/QSYS.LIB/PMEDHUSR.LIB/EDH_H3.DTAQ. Resource busy.
find: 001-0023 Error found opening file
/QSYS.LIB/PMEDHUSR.LIB/EDH_H4.DTAQ. Resource busy.
find: 001-0023 Error found opening file /QSYS.LIB/QQFENDSVR.PGM.
Resource busy.
$
Which makes me wonder if this stupid find command is searching contents,
or if it can't figure out if these object types are a directory or not.

Original problem:
Webcom CGI Guestbook File Disclosure Vulnerability
CVE-1999-0467
THREAT:
The programs 'wguest.exe' and 'rguest.exe' are present on the server.
IMPACT:
Unauthorized users can read arbitrary files.
SOLUTION:
Install and use another Guestbook program.
EXPLOITABILITY:
The Exploit-DB
Reference: CVE-1999-0467
Description: WebCom datakommunikation Guestbook 0.1 - 'rguest.exe'
Arbitrary File Access - The Exploit-DB Ref : 20447
Link: http://www.exploit-db.com/exploits/20447
Reference: CVE-1999-0467
Description: WebCom datakommunikation Guestbook

One big recent change was the addition of some Zend for a bolt on we're
evaluating.

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD




As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.