Mailinglist Archive: opensuse-security (192 mails)

< Previous Next >
Re: [suse-security] SuSE 6.4| test.cgi
  • From: Markus Gaugusch <markus@xxxxxxxxxxxxxxxx>
  • Date: Sun, 14 May 2000 11:28:39 +0200
  • Message-id: <391E71C7.C0055107@xxxxxxxxxxxxxxxx>
> ok i just got SuSE 6.4 and was looking around when i tried one of those cgi scanners on my box, low and behold it came up with a the test.cgi exploit which allows people to basically see whats running on your computer
> http://localhost/cgi-bin/test.cgi?*/
You can find it in /usr/local/httpd/cgi-bin/test.cgi
(at least under suse 6.0-6.3 :)
> now i isntalled everything and have no clue whether it came on default
> installation, but this exploit could be wrather dangerous so if you could
> appoint me to a patch to fix this problem, i would be very greatful
no patch needed -
chmod 000 test.cgi
with
rpm -qf /usr/local/httpd/cgi-bin/test.cgi
you can see the name of the package the file belongs to

greets!
Markus Gaugusch

--
________________________________________
Markus Gaugusch markus@xxxxxxxxxxxxxxxx
ICQ-ID: 11374583 [www.mirabilis.com]

< Previous Next >
References