guestbook.cgi

[JraNil]

Whenever i check my server by Nessus, I receive this Vulnerability :

-----
The 'guestbook.cgi' is installed. This CGI has
a well known security flaw that lets anyone execute arbitrary
commands with the privileges of the http daemon (root or nobody).

Solution : remove it from /cgi-bin.
-----

How can I remove it completely? just remove it under /home or there is another way?

 

[anand]

Whenever i check my server by Nessus, I receive this Vulnerability :

-----
The 'guestbook.cgi' is installed. This CGI has
a well known security flaw that lets anyone execute arbitrary
commands with the privileges of the http daemon (root or nobody).

Solution : remove it from /cgi-bin.
-----

How can I remove it completely? just remove it under /home or there is another way?

guestbook.cgi is part of cgi scripts which come along with cpanel. If you want to disable them just change permisions of the scripts in /usr/local/cpanel/cgi-sys/.

For guestbook.cgi it would be

chmod 000 /usr/local/cpanel/cgi-sys/guestbook.cgi

However note that the next cpanel update will return the permissions to normal. You can choose to place the chmod inside a file /scripts/postupcp so it changes the permissions back everytime cpanel updates.

 

[JraNil]

should I creat postupcp ?
there is no postupcp in /scripts.

 

[deborahgsmith]

Which version of guestbook.cgi are you using currently?

I thought they fixed the vulnerability in version 6 of cpanel.

Deborah

 

[anand]

should I creat postupcp ?
there is no postupcp in /scripts.

Yes you need to create it. Though thats required only if you want to disable guestbook.cgi, i don't think the one shipping with cpanel has any vulnerability anymore (not sure still).

 

[katz_global]

can someone explain to me how nessus is even able to connect to that folder to know that script resides there?

/usr/local/cpanel/cgi-sys/guestbook.cgi

?

Seems to me that is more of a security issue that the script itself.