[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: another security hole

On Sun, Jul 11, 1999 at 01:23:32PM +0200, Grzegorz Stelmaszek wrote:
> I'd found a bug allowing remote users to list any directory in the os,
> when it uses cgi-scripts package.
> Don't answer that directory listing is not important for hackerz

Although this security issue it is not of extreme importance, yes, it
can be harmful, because anyone can see the file listing in directories
that the www-data user can read.

And you know, it would be nice if you proposed a fix for the bug.
A quick fix would be to remove or chmod -x the script.

enJoy -*/\*- spelled 'iosip', or simply 'joseph'

Reply to: