[5008] in WWW Security List Archive
Re: Recent attacks
daemon@ATHENA.MIT.EDU (Steffan Henke)
Wed Apr 9 19:57:43 1997
Date: Wed, 9 Apr 1997 22:33:19 +0200 (MET DST)
From: Steffan Henke <henker@informatik.uni-bremen.de>
To: David Low <C-Low@mail.dec.com>
cc: "'www-security@ns2.rutgers.edu'" <www-security@ns2.rutgers.edu>
In-Reply-To: <c=US%a=_%p=Digital%l=KAOEXC2-970408151030Z-5980@pkohub1.athena.pko.dec.com>
Errors-To: owner-www-security@ns2.rutgers.edu
On Tue, 8 Apr 1997, David Low wrote:
> tends to use the test-cgi that come packaged with apache in order to
Most users remove the test-cgi and printenv scripts after a successfull
installation. On NCSA (at least till 1.3) this was a rather big problem
because you could gain information about arbitrary files, e.g., have a
look what was installed in /cgi-bin... However, there are still a lot of
these servers online nowadays.
> may want to remove execute privs from this CGI. He also goes after
> rfh.cgi which I am not sure what it is (since its not on my system).
> Anyone know what this does/how it can be used to gain information/access
> to a machine?
I don't know about rfh.cgi but if you mean phf.cgi I get a clue.
Regards,
Steffan
... Our continuing mission: To seek out knowledge of C, to explore
strange UNIX commands, and to boldly code where no one has man page 4.
