Bug#39395: marked as done (cgi-scripts: bug in nph-test-cgi allowing directory listing)
Your message dated Mon, 16 Aug 1999 22:09:19 +0200
with message-id <19990816220919.B10567@p200.hrnet.fr>
and subject line [maor-installer@debian.org: cgi-scripts_1.0.10_i386.changes INSTALLED]
has caused the attached bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I'm
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Ian Jackson
(administrator, Debian bugs database)
Received: (at submit) by bugs.debian.org; 12 Jun 1999 16:20:07 +0000
Received: (qmail 25752 invoked from network); 12 Jun 1999 16:20:07 -0000
Received: from main.lighting.ml.org (HELO lighting.ml.org) (195.205.44.70)
by master.debian.org with SMTP; 12 Jun 1999 16:20:07 -0000
Received: (qmail 16108 invoked by uid 1000); 12 Jun 1999 16:19:39 -0000
Date: 12 Jun 1999 16:19:39 -0000
Message-ID: <19990612161939.16107.qmail@lighting.ml.org>
From: greg@lighting.ml.org
Subject: cgi-scripts: bug in nph-test-cgi allowing directory listing
To: submit@bugs.debian.org
X-Mailer: bug 3.1.7
Package: cgi-scripts
Version: 1.0.9
Hi, try doing the following:
lynx http://host_name/cgi-bin/nph-test-cgi?*
this will show directory listing, and allow intruder to check how to
attack machine
This is very old bug, so i don't know why it isn't already fixed, but ...
;-)
-- System Information
Debian Release: 2.1
Kernel Version: Linux main 2.2.7 #4 SMP Sun May 30 12:56:57 CEST 1999 i586 unknown
Versions of the packages cgi-scripts depends on:
ii libc6 2.0.7.19981211 GNU C Library: shared libraries
Reply to: