ok i just got SuSE 6.4 and was looking around when i tried one of those cgi scanners on my box, lo and behold it came up with the test.cgi exploit which allows people to basically see what's running on your computer
http://localhost/cgi-bin/test.cgi?*/
now i installed everything and have no clue whether it came on default installation, but this exploit could be rather dangerous so if you could point me to a patch to fix this problem, i would be very grateful
> ok i just got SuSE 6.4 and was looking around when i tried one of those cgi scanners on my box, lo and behold it came up with the test.cgi exploit which allows people to basically see what's running on your computer
> http://localhost/cgi-bin/test.cgi?*/

You can find it in /usr/local/httpd/cgi-bin/test.cgi (at least under suse 6.0-6.3 :)

> now i installed everything and have no clue whether it came on default installation, but this exploit could be rather dangerous so if you could point me to a patch to fix this problem, i would be very grateful

no patch needed - chmod 000 test.cgi
with rpm -qf /usr/local/httpd/cgi-bin/test.cgi you can see the name of the package the file belongs to
greets! Markus Gaugusch -- ________________________________________ Markus Gaugusch markus@gaugusch.dhs.org ICQ-ID: 11374583 [www.mirabilis.com]
On my suse 6.4 i had only found this one /usr/doc/LDP/cgi-bin/test.cgi
=============
#!/bin/sh
echo Content-type: text/plain
echo
echo CGI/1.0 test script report:
echo
echo argc is $#. argv "$*".
echo
printenv
=============
Some example from Linux Documentation Project ...
[ ]'s Bacano
----- Original Message -----
From: "Grant M***"
ok i just got SuSE 6.4 and was looking around when i tried one of those cgi scanners on my box, lo and behold it came up with the test.cgi exploit which allows people to basically see what's running on your computer
http://localhost/cgi-bin/test.cgi?*/
now i installed everything and have no clue whether it came on default installation, but this exploit could be rather dangerous so if you could point me to a patch to fix this problem, i would be very grateful
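
The mitigation from the replies above (`rpm -qf` to identify the owning package, `chmod 000` to disable the script), as an added example that is not part of the original thread: it scans a cgi-bin directory for scripts that dump the server environment and disables each match. The function names and the grep heuristic are assumptions made for this example, and the sample directory is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit a cgi-bin directory for sample
# scripts that dump the server environment, then disable them with chmod 000.

# List regular files in directory $1 that run printenv, env or set as a bare
# command on its own line. This pattern is a heuristic chosen for this example.
find_env_dumpers() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*(printenv|env|set)[[:space:]]*$' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Name the owning package when rpm is available, then remove all permissions.
disable_cgi() {
    if command -v rpm >/dev/null 2>&1; then
        rpm -qf "$1" 2>&1 || true
    fi
    chmod 000 "$1"
}

# Disable every match in directory $1 and report each one.
audit_cgi_bin() {
    find_env_dumpers "$1" | while IFS= read -r f; do
        disable_cgi "$f"
        printf 'disabled %s\n' "$f"
    done
}

# Constructed sample: a temporary cgi-bin holding a copy of the quoted
# test.cgi body and one harmless script. Prints the directory path.
make_sample_cgi_bin() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#!/bin/sh' 'echo Content-type: text/plain' 'echo' \
        'echo argc is $#. argv "$*".' 'printenv' > "$d/test.cgi"
    printf '%s\n' '#!/bin/sh' 'echo Content-type: text/plain' 'echo' \
        'echo hello' > "$d/hello.cgi"
    chmod 755 "$d/test.cgi" "$d/hello.cgi"
    printf '%s\n' "$d"
}

# Usage: sh audit.sh /usr/local/httpd/cgi-bin   (no argument: do nothing)
[ "$#" -eq 0 ] || audit_cgi_bin "$1"
```

Run `find_env_dumpers` on its own first to review the matches before anything is disabled; a script that only reads individual variables is not flagged by this heuristic.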