>Number: 1576
>Category: mod_include
>Synopsis: exec cmd bypasses ExecCGI security check. Any user can exec random programs and we can't block it!
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: apache
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Fri Dec 19 10:50:00 PST 1997
>Last-Modified:
>Originator: [EMAIL PROTECTED]
>Organization: apache
>Release: 1.2.4
>Environment:
not really relevant to this, but here it is anyway
BSD/OS copper.mv.net 2.1 BSDI BSD/OS 2.1 Kernel #2: Sun Mar 9 12:49:56 EST 1997 [EMAIL PROTECTED] net:/usr/src/sys/compile/COPPER i386
>Description:
<!--#exec cmd="./test.cgi"-->
should NOT work. We have ExecCGI disabled. But we want users to be able to still run #exec cgi and #exec cmd provided they are running things in our cgi-bin area.
>How-To-Repeat:
>Fix:
Have #exec cmd not allow things to be executed in directories that have ExecCGI turned off.
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <[EMAIL PROTECTED]> in the Cc line ]
[and leave the subject line UNCHANGED. This is not done]
[automatically because of the potential for mail loops. ]
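
An added example, not part of the original report or of Apache's code: a small Python audit that lists `<Directory>` sections where `Includes` is enabled without `ExecCGI`, the configuration in which the report says `#exec cmd` still runs. The sample configuration and its paths are constructed, and the parser assumes each section is judged only on its own `Options` lines, with no inheritance from parent directories or `.htaccess` files.

```python
import re

# Constructed sample configuration (not taken from the report).
SAMPLE_CONF = """\
<Directory /home/*/public_html>
    Options Includes Indexes
</Directory>
<Directory /usr/local/apache/cgi-bin>
    Options ExecCGI Includes
</Directory>
# IncludesNOEXEC keeps SSI parsing but disables #exec cmd and #exec cgi.
<Directory /usr/local/apache/htdocs>
    Options IncludesNOEXEC
</Directory>
"""

SECTION_OPEN = re.compile(r'<Directory\s+"?([^">]+)"?\s*>', re.I)
SECTION_CLOSE = re.compile(r"</Directory\s*>", re.I)


def apply_options(opts, tokens):
    """Apply one Options line: unsigned lists replace, +/- lists merge."""
    merged = set(opts) if any(t[0] in "+-" for t in tokens) else set()
    for tok in tokens:
        name = tok.lstrip("+-").lower()  # option names are case-insensitive
        if tok.startswith("-"):
            merged.discard(name)
        else:
            merged.add(name)
    return merged


def audit_exec_gap(conf_text):
    """Return Directory paths with full Includes enabled but no ExecCGI."""
    findings, path, opts = [], None, set()
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = SECTION_OPEN.match(line)
        if opened:
            path, opts = opened.group(1).strip(), set()
        elif SECTION_CLOSE.match(line):
            # "All" turns on both Includes and ExecCGI, so it is not a gap.
            if path and "includes" in opts and not ({"execcgi", "all"} & opts):
                findings.append(path)
            path = None
        elif path and line.split()[0].lower() == "options":
            opts = apply_options(opts, line.split()[1:])
    return findings
```
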
