[Original text] cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system.
Loss of Confidentiality,
Loss of Integrity
Cobalt Networks RaQ servers contain a flaw that allows a local malicious site administrator to edit or view private data on another site. The flaw is due to the cgiwrap program not properly parsing directory names. If a user's content is stored in a directory where CGI scripts are executed, cgiwrap will potentially execute them with the incorrect permissions, allowing one site administrator to create a script that views or modifies another site's content.
Currently, there are no known workarounds or upgrades to correct this issue.
However, Cobalt Networks has released a patch to address this vulnerability.
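The description above attributes the flaw to how cgiwrap derives the user from directory names. As an added illustration (not cgiwrap's or Cobalt's code; the per-site directory layout and the names `may_exec_as` and `demo` are assumptions), a CGI wrapper can bind the execution identity to the script's resolved location and on-disk owner instead of to the path text:

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 0 if `script` may run as `uid` for the site rooted at `site_root`. */
int may_exec_as(const char *site_root, const char *script, uid_t uid)
{
    char root[PATH_MAX], real[PATH_MAX];
    struct stat st;

    /* Resolve symlinks and ".." before comparing anything. */
    if (!realpath(site_root, root) || !realpath(script, real))
        return -1;
    /* The script must sit inside this site's own tree. */
    size_t n = strlen(root);
    if (strncmp(real, root, n) != 0 || real[n] != '/')
        return -1;
    /* Identity comes from on-disk ownership, not from the path text. */
    if (stat(real, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != uid)
        return -1;
    /* Refuse scripts that group or other could have replaced. */
    return (st.st_mode & (S_IWGRP | S_IWOTH)) ? -1 : 0;
}

/* Constructed demo: two site trees under a temp dir; returns a 3-bit mask. */
int demo(void)
{
    char base[] = "/tmp/cgichkXXXXXX", a[PATH_MAX], b[PATH_MAX], s[PATH_MAX];
    if (!mkdtemp(base)) return -1;
    snprintf(a, sizeof a, "%s/siteA", base);          /* hypothetical layout */
    snprintf(b, sizeof b, "%s/siteB", base);
    snprintf(s, sizeof s, "%s/siteA/x.cgi", base);
    mkdir(a, 0700); mkdir(b, 0700);
    FILE *f = fopen(s, "w");
    if (!f) return -1;
    fclose(f);
    chmod(s, 0700);
    int ok    = may_exec_as(a, s, getuid()) == 0;       /* owner, own site   */
    int other = may_exec_as(a, s, getuid() + 1) == -1;  /* wrong identity    */
    int cross = may_exec_as(b, s, getuid()) == -1;      /* other site's tree */
    unlink(s); rmdir(a); rmdir(b); rmdir(base);
    return ok | (other << 1) | (cross << 2);
}

int main(void) { printf("mask=%d\n", demo()); return 0; }
```

A production wrapper would open the script and run the same checks with `fstat` on the descriptor, so the file cannot be swapped between the check and the exec.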