[2212] in WWW Security List Archive
Re: BoS: CERT Advisory CA-96.11 - Interpreters in CGI bin Directories
daemon@ATHENA.MIT.EDU (Lincoln Stein)
Wed Jun 5 17:48:19 1996
Date: Wed, 5 Jun 1996 14:11:44 -0500
To: garym@softshore.com.au (Gary Meltzer)
From: lstein@genome.wi.mit.edu (Lincoln Stein)
Cc: WWW-SECURITY@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu

>Under NT, I have found that putting "exit" at the end of the batch-file is
>a defence.
>
>Documentation on a possible wider defence for NT is at:
> http://www.softshore.com.au/cgi-bin/PEARL.BAT?

Brian Kendig of Netscape has confirmed that an "exit" at the end of the
file does seem to fix the problem with CGI .BAT files under the Netscape
servers. However neither he nor anyone else has been able to come up with
an explanation of why it works, so people should still be cautious.
Fortunately the new FastTrack servers are specifically written to avoid the
problem.

Lincoln
---------------------------------------------------------------------------
Lincoln D. Stein MD,PhD lstein@genome.wi.mit.edu
Director, Informatics Core, MIT Genome Center (617) 252-1916
Whitehead Institute of Biomedical Research (617) 252-1902 FAX
Bldg 300, One Kendall Square, Cambridge MA 02139
---------------------------------------------------------------------------