Hi all,

Katsumi Imaizumi (k-imaiz _at_ silverhotel.co.jp) just let me know that there are still issues with CGI-Wrapper on the RaQs. He also reported it to CERT and Sun.

Change the domain and the username below to one of your RaQs and see for yourself:

http://www.victim.org/cgiwrapDir/cgiwrapd/~someone/<html><s>TEST</s>

Reveals UID, GID of "someone", his home directory and some other errands. All by itself it isn't that big of a deal, but I could imagine a few scenarios where this information might aid in an exploitation.

-- 
With best regards,
Michael Stauber
[EMAIL PROTECTED]
Unix/Linux Support Engineer

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
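
Added example, not part of the original message and not Cobalt or cgiwrap code: a Python scan of web server access logs for requests shaped like the URL in the message, flagging hits on the cgiwrapd debug wrapper and markup in the path after the username. The Apache combined log format, the function name scan() and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2003:10:00:00 +0000] "GET /cgiwrapDir/cgiwrapd/~someone/%3Chtml%3E%3Cs%3ETEST%3C/s%3E HTTP/1.0" 200 812 "-" "-"
192.0.2.11 - - [01/Jan/2003:10:00:05 +0000] "GET /cgiwrapDir/cgiwrap/~someone/form.cgi HTTP/1.0" 200 120 "-" "-"
192.0.2.12 - - [01/Jan/2003:10:00:09 +0000] "GET /cgiwrapDir/cgiwrapd/~other/test.cgi HTTP/1.0" 200 640 "-" "-"
192.0.2.13 - - [01/Jan/2003:10:00:12 +0000] "GET /index.html HTTP/1.0" 200 5120 "-" "-"
"""

# client, request method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')
# .../cgiwrap/~user/rest or .../cgiwrapd/~user/rest (cgiwrapd is the debug wrapper)
WRAP_RE = re.compile(r'/(cgiwrapd?)/~([^/]+)(/.*)?$')


def scan(log_text):
    """Return one finding per suspicious cgiwrap request in log_text."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        client, _method, target, status = m.groups()
        # Drop the query string, then decode %XX so encoded markup is visible.
        path = unquote(target.split("?", 1)[0])
        w = WRAP_RE.search(path)
        if not w:
            continue
        wrapper, user, rest = w.group(1), w.group(2), w.group(3) or ""
        reasons = []
        if wrapper == "cgiwrapd":
            reasons.append("debug wrapper")   # debug output exposes account details
        if "<" in rest or ">" in rest:
            reasons.append("markup in path")  # as in the URL quoted in the message
        if reasons:
            findings.append({"client": client, "user": user,
                             "status": int(status), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```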
