AW: test-cgi

From: Adrian Dabrowski (atroxat_private)
Date: Thu Jan 14 1999 - 16:14:48 PST


    test-cgi should be banned from any system shortly after installation
    anyway.
    
    PATH_TRANSLATED can be abused by adding a / or a /~username to test-cgi.
    This will give you the real pathname of the htdocs-dir respectively the
    real pathname of a user's $HOME/public_html.
    
    This info could gain importance to a hacker in combination with some other
    bug.
    
    atrox'99
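
A detection sketch for the requests described in the message above, added here as an example and not part of the original post: it flags access-log entries where test-cgi is requested with extra path information, which is the condition under which the script echoes a real filesystem path in PATH_TRANSLATED. The Common Log Format, the `/cgi-bin/test-cgi` location, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field of a Common Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
# test-cgi followed by extra path info; the server maps that part to PATH_TRANSLATED
PATHINFO_RE = re.compile(r'/test-cgi(/.*)$')
USERDIR_RE = re.compile(r'/~([^/]+)')

def classify(line):
    """Return None, 'docroot' or 'userdir:<name>' for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    # Drop the query string first, then decode %XX so /%7Euser is recognised too
    path = unquote(m.group(1).split('?', 1)[0])
    p = PATHINFO_RE.search(path)
    if not p:
        return None  # plain test-cgi hit or an unrelated request
    u = USERDIR_RE.match(p.group(1))
    return 'userdir:' + u.group(1) if u else 'docroot'

def scan(lines):
    """Return (client, finding) for every line that requests path disclosure."""
    hits = []
    for line in lines:
        finding = classify(line)
        if finding:
            hits.append((line.split()[0], finding))
    return hits

# Constructed sample input (documentation addresses, made-up user name)
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Jan/1999:16:01:02 -0800] "GET /cgi-bin/test-cgi HTTP/1.0" 200 512',
    '192.0.2.10 - - [14/Jan/1999:16:01:09 -0800] "GET /cgi-bin/test-cgi/ HTTP/1.0" 200 540',
    '192.0.2.77 - - [14/Jan/1999:16:02:30 -0800] "GET /cgi-bin/test-cgi/%7Ealice HTTP/1.0" 200 561',
    '192.0.2.77 - - [14/Jan/1999:16:02:41 -0800] "GET /index.html HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for client, finding in scan(SAMPLE_LOG):
        print(client, finding)
```

Any hit also means test-cgi is still installed, so the follow-up is to remove the script rather than only watch for requests to it.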
    


