On Wed, Jul 29, Matthias Apitz wrote:

> > in the faxsurvey-cgi that comes with HylaFAX is a security-hole.
> >
> > If you try this:
> >
> > http://www.anyhost-with-this-cgi.com/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd
> >
> > You can e.g. read the host's passwd...
> >
> > If this survey is of interest, I'll make a bug-fix.
>
> Until a better solution for collecting the faxsurvey we should
> remove this from the distributions;

O.k., I've already done this...

--
Regards, Carsten Hoeger
------
Carsten Hoeger - S.u.S.E. GmbH - Gebhardtstr. 2 - 90762 Fuerth - Germany
fax +49-911-3206727
web http://www.suse.de
------
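
On a host that had the script installed, the web server access log shows whether it was ever requested with a query string, as in the URL quoted above. The following check is an added example, not part of the original message or of HylaFAX; it assumes access logs in Common Log Format, and the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Client address and request target from a Common Log Format line (assumed format).
_REQUEST = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?"'
)

SCRIPT_NAME = "faxsurvey"  # script name as it appears in the reported URL

# Constructed sample lines (documentation addresses, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.44 - - [01/Jan/2000:10:00:05 +0000] '
    '"GET /cgi-bin/faxsurvey?/bin/cat%20/etc/passwd HTTP/1.0" 200 812',
    '192.0.2.44 - - [01/Jan/2000:10:00:09 +0000] "GET /cgi-bin/fax%73urvey?test HTTP/1.0" 200 40',
    '192.0.2.10 - - [01/Jan/2000:10:00:12 +0000] "GET /cgi-bin/faxsurvey HTTP/1.0" 200 512',
]


def faxsurvey_hits(lines):
    """Return (client, decoded_query) for every request that hands a
    query string to the faxsurvey CGI."""
    hits = []
    for line in lines:
        m = _REQUEST.match(line)
        if not m:
            continue  # not a parseable request line
        path, _, query = m.group("target").partition("?")
        # Decode percent-escapes so an encoded script name still matches,
        # and compare per path segment so trailing path info is covered too.
        if SCRIPT_NAME not in unquote(path).split("/"):
            continue
        if not query:
            continue  # plain request without arguments
        hits.append((m.group("client"), unquote(query)))
    return hits


if __name__ == "__main__":
    for client, query in faxsurvey_hits(SAMPLE_LOG):
        print(f"{client} passed {query!r} to {SCRIPT_NAME}")
```

Any hit on a real log is a reason to review what the request returned and to confirm the script has been removed, as the reply above describes.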