Hylafax Mailing List Archives


Re: Security-Hole in faxsurvey-form



On Wed, Jul 29, Matthias Apitz wrote:

> > in the faxsurvey-cgi that comes with HylaFAX is a security-hole.
> > 
> > If you try this:
> > 
> > http://www.anyhost-with-this-cgi.com/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd
> > 
> > 
> > You can e.g. read the host's passwd...
> > 
> > 
> > If this survey is of interest, I'll make a bug-fix.
> 
> Until a better solution for collecting the faxsurvey we should
> remove this from the distributions;

O.k., I've already done this...

-- 
mfG,
	Carsten Hoeger
------
Carsten Hoeger  - S.u.S.E. GmbH -  Gebhardtstr. 2  -  90762 Fuerth  -  Germany
fax +49-911-3206727                                     web http://www.suse.de
------
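
Added example, not part of the original thread and not HylaFAX code: a check an administrator could run over web server access logs to find requests of the form quoted above, where the faxsurvey query string decodes to something that looks like a command. The log lines are constructed samples; the Common Log Format layout, the script path default and the function name are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [29/Jul/1998:10:01:02 +0200] "GET /cgi-bin/faxsurvey HTTP/1.0" 200 512
192.0.2.44 - - [29/Jul/1998:10:03:17 +0200] "GET /cgi-bin/faxsurvey?/bin/cat%20/etc/passwd HTTP/1.0" 200 1843
192.0.2.10 - - [29/Jul/1998:10:05:40 +0200] "GET /index.html?ref=/home HTTP/1.0" 200 2048
192.0.2.12 - - [29/Jul/1998:10:07:11 +0200] "GET /cgi-bin/faxsurvey?name=a&vote=1 HTTP/1.0" 200 640
this line is truncated and must be skipped
"""

# client, timestamp, method, request target, status
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# A decoded query that starts with an absolute path, or that contains
# shell metacharacters, is not something a survey form would send.
SUSPICIOUS = re.compile(r'^\s*/|[;|`$]')


def find_faxsurvey_probes(log_text, script="/cgi-bin/faxsurvey"):
    """Return one record per request to `script` with a command-like query."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # malformed or truncated log line
        client, when, _method, target, status = m.groups()
        path, _, query = target.partition("?")
        if unquote(path) != script or not query:
            continue
        decoded = unquote(query)  # %20 -> space, as the CGI would see it
        if SUSPICIOUS.search(decoded):
            hits.append({"client": client, "time": when,
                         "status": int(status), "query": decoded})
    return hits


if __name__ == "__main__":
    for hit in find_faxsurvey_probes(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 means the script was still installed and answered the request, so that host should be checked against the removal discussed in the thread.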


