Re: Security-Hole in faxsurvey-form

To: Matthias Apitz <Matthias.Apitz@Sisis.de>
Subject: Re: flexfax: Security-Hole in faxsurvey-form
From: Carsten Hoeger <choeger@suse.de>
Cc: flexfax@sgi.com
Date: Wed, 29 Jul 1998 17:19:12 +0200

On Wed, Jul 29, Matthias Apitz wrote:

> > in the faxsurvey-cgi that comes with HylaFAX is a security-hole.
> > 
> > If you try this:
> > 
> > http://www.anyhost-with-this-cgi.com/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd
> > 
> > 
> > You can e.g. read the host's passwd...
> > 
> > 
> > If this survey is from interest, I'll make a bug-fix.
> 
> Until a better solution for collecting the faxsurvey we should
> remove this from the distributiuons;

O.k., I've already done this...

-- 
mfG,
	Carsten Hoeger
------
Carsten Hoeger  - S.u.S.E. GmbH -  Gebhardtstr. 2  -  90762 Fuerth  -  Germany
fax +49-911-3206727                                     web http://www.suse.de
------

Prev by Date: Re: Security-Hole in faxsurvey-form
Next by Date: Problem with MultiTech
Prev by thread: Re: Security-Hole in faxsurvey-form
Next by thread: Re: (no subject)
Index(es):
- Main
- Thread

Report any problems to webmaster@hylafax.org

HylaFAX is a trademark of Silicon Graphics Corporation.
Internet connectivity for hylafax.org is provided by:
VirtuALL Private Host Services