JraNil

Member
Oct 12, 2004
8
0
151
Whenever I check my server with Nessus, I receive this vulnerability:

-----
The 'guestbook.cgi' is installed. This CGI has
a well known security flaw that lets anyone execute arbitrary
commands with the privileges of the http daemon (root or nobody).

Solution : remove it from /cgi-bin.
-----

How can I remove it completely? Just remove it under /home, or is there another way?
 

anand

Well-Known Member
Nov 11, 2002
1,432
1
168
India
cPanel Access Level
DataCenter Provider
JraNil said:
Whenever I check my server with Nessus, I receive this vulnerability:

-----
The 'guestbook.cgi' is installed. This CGI has
a well known security flaw that lets anyone execute arbitrary
commands with the privileges of the http daemon (root or nobody).

Solution : remove it from /cgi-bin.
-----

How can I remove it completely? Just remove it under /home, or is there another way?
guestbook.cgi is part of the CGI scripts which come along with cPanel. If you want to disable them, just change the permissions of the scripts in /usr/local/cpanel/cgi-sys/.

For guestbook.cgi it would be

chmod 000 /usr/local/cpanel/cgi-sys/guestbook.cgi

However, note that the next cPanel update will return the permissions to normal. You can choose to place the chmod inside a file /scripts/postupcp so it changes the permissions back every time cPanel updates.
 

JraNil

Member
Oct 12, 2004
8
0
151
Should I create postupcp?
There is no postupcp in /scripts.
 

deborahgsmith

Member
May 18, 2004
13
0
151
SE Michigan
Which version of guestbook.cgi are you using currently?

I thought they fixed the vulnerability in version 6 of cpanel.

Deborah
 

anand

Well-Known Member
Nov 11, 2002
1,432
1
168
India
cPanel Access Level
DataCenter Provider
JraNil said:
Should I create postupcp?
There is no postupcp in /scripts.
Yes, you need to create it. Though that's required only if you want to disable guestbook.cgi; I don't think the one shipping with cPanel has any vulnerability anymore (not sure still).
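The /scripts/postupcp hook that anand describes (chmod 000 the script after every cPanel update, creating the file yourself since it does not ship with cPanel), written out as an added example; this is not code from the thread or from cPanel. It assumes GNU `stat -c` is available, and the CGI_SYS directory and SCRIPTS list are variables chosen here; the default list contains only guestbook.cgi, the script named in the thread.

```shell
#!/bin/sh
# Added example: /scripts/postupcp hook that re-applies chmod 000 to
# legacy scripts in cgi-sys after each cPanel update.
# CGI_SYS and SCRIPTS are assumptions for this example, overridable
# from the environment; defaults match the path named in the thread.
CGI_SYS="${CGI_SYS:-/usr/local/cpanel/cgi-sys}"
SCRIPTS="${SCRIPTS:-guestbook.cgi}"

# Octal permission bits of a file (GNU stat); "0" after chmod 000.
mode_of() {
    stat -c '%a' "$1"
}

# Strip every permission bit from one script so the web server can
# neither read nor execute it. Returns 0 on success, 1 if the file is
# absent (harmless, e.g. an update dropped it), 2 if chmod failed.
disable_script() {
    f="$1/$2"
    if [ ! -e "$f" ]; then
        echo "postupcp: $f not present, nothing to do"
        return 1
    fi
    chmod 000 "$f" || return 2
    echo "postupcp: set mode $(mode_of "$f") on $f"
    return 0
}

# Post-update check: 0 only if the file exists and has mode 000.
is_disabled() {
    [ -e "$1" ] && [ "$(mode_of "$1")" = "0" ]
}

# Process the whole list; non-zero only if an existing file could not
# be locked down, so a missing script does not mask a real failure.
disable_all() {
    rc=0
    for s in $SCRIPTS; do
        st=0
        disable_script "$CGI_SYS" "$s" || st=$?
        [ "$st" -eq 2 ] && rc=1
    done
    return $rc
}

disable_all
```

Install it as /scripts/postupcp, make it executable, and verify with `is_disabled /usr/local/cpanel/cgi-sys/guestbook.cgi` after the next update runs.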
 

katz_global

Well-Known Member
PartnerNOC
Can someone explain to me how Nessus is even able to connect to that folder to know that the script resides there?

/usr/local/cpanel/cgi-sys/guestbook.cgi

?

Seems to me that is more of a security issue than the script itself.