COMMAND
	    Global
SYSTEMS AFFECTED
	    Global-3.55 (NetBSD)
PROBLEM
	    Following is based on a  NetBSD Security Advisory 2000-014.   When
	    using the CGI interface of the Global v3.55 package, it's possible
	    to  execute  random  commands.   global  is  a source-code tagging
	    system for indexing and searching large bodies of source code.
	    The exploit of  this is possible  due to insufficient  handling of
	    quoted or  escaped characters  in this  version, and  command line
	    arguments that are then handed off to shell commands.
	    The  global  port,  versions  3.5  through  to  3.55,  contains  a
	    vulnerability in  the CGI  script generated  by the  htags utility
	    which  allows  a  remote  attacker  to  execute  code on the local
	    system as the user running the script, typically user 'nobody'  in
	    most installations.
	    If the 'htags -f' command is  used to generate a CGI script  which
	    is  then  installed  under  a  webserver,  then  remote  users may
	    execute arbitrary commands on the  local system as the user  which
	    runs  the  CGI  script.   If  you  have  not chosen to install the
	    global port/package, or you have  not used the 'htags -f'  command
	    to produce  a CGI  script, then  your system  is not vulnerable to
	    this problem.
	    The  problem  was  reported  in  NetBSD  PR 11165 by the author of
	    global,  Shigio   Yamaguchi.   The   package  updated   by  as   a
	    collaboration of Hubert Feyrer and David Brownlee.  Hubert  Feyrer
	    also drafted this security advisory.
SOLUTION
	    To find  out if  you have  the problematic  version of  the global
	    package installed, type
	
	        pkg_info -e global
	
	    If this displays "global-3.55" or  below, you are vulnerable.   If
	    this  displays  "global-4.0.1"  or  higher,  your  system  is  not
	    vulnerable either.   If this displays  no output at  all, it means
	    you don't have the "global" package installed, and your system  is
	    not vulnerable.
	    If your system is vulnerable,  the best solution is to  upgrade to
	    the latest version in pkgsrc,  which is 4.0.1 as of  this writing.
	    There are precompiled  binary packages of  global for some  NetBSD
	    ports available from:
	
	        ftp://ftp.netbsd.org/pub/NetBSD/packages/pkgsrc/devel/global/README.html
	
	    If no precompiled binary is  available for your platform, you  can
	    build your own from source.
	    To  render  the  vulnerability  unexploitable,  modify  the   file
	    'HTML/cgi-bin/global.cgi' around line 35, and change the generated
	    HTML from:
	
	        $pattern =~ s/'//g;                     # to shut security hole
	
	    to
	
	        $pattern =~ s/"//g;                     # to shut security hole
	
	    For FreeBSD:
	
	        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/global-4.0.1.tgz
	        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/global-4.0.1.tgz
	        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/global-4.0.1.tgz
	        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/global-4.0.1.tgz
	        ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/global-4.0.1.tgz