Re: [suse-security] SuSE 6.4| test.cgi

On my suse 6.4 i had only found this one /usr/doc/LDP/cgi-bin/test.cgi ============= #!/bin/sh echo Content-type: text/plain echo echo CGI/1.0 test script report: echo echo argc is $#. argv "$*". echo printenv ============= Some example from Linux Documentation Project ... [ ]'s Bacano ----- Original Message ----- From: "Grant M***" To: Sent: Sunday, May 14, 2000 3:23 AM Subject: [suse-security] SuSE 6.4| test.cgi

ok i just got SuSE 6.4 and was looking around when i tried one of those cgi scanners on my box, low and behold it came up with a the test.cgi exploit which allows people to basically see whats running on your computer

http://localhost/cgi-bin/test.cgi?*/

now i isntalled everything and have no clue whether it came on default installation, but this exploit could be wrather dangerous so if you could appoint me to a patch to fix this problem, i would be very greatful ----------------------------------------------- FREE! The World's Best Email Address @email.com Reserve your name now at http://www.email.com

--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com