ok i just got SuSE 6.4 and was looking around when i tried one of those cgi scanners on my box, low and behold it came up with a the test.cgi exploit which allows people to basically see whats running on your computer http://localhost/cgi-bin/test.cgi?*/ You can find it in /usr/local/httpd/cgi-bin/test.cgi (at least under suse 6.0-6.3 :) now i isntalled everything and have no clue whether it came on default installation, but this exploit could be wrather dangerous so if you could appoint me to a patch to fix this problem, i would be very greatful no patch needed - chmod 000 test.cgi with rpm -qf /usr/local/httpd/cgi-bin/test.cgi you can see the name of the package the file belongs to
greets! Markus Gaugusch -- ________________________________________ Markus Gaugusch markus@gaugusch.dhs.org ICQ-ID: 11374583 [www.mirabilis.com]