COMMAND

   faxsurvey cgi

SYSTEMS AFFECTED

    Linux S.u.S.E. running faxsurvey cgi

PROBLEM

    Tom found the following. There exists a bug in the 'faxsurvey'
    CGI script which allows an attacker to execute any command s/he
    wants with the permissions of the HTTP server. All the attacker
    has to do is type:

        http://joepc.linux.elsewhere.org/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd

    in his favorite web browser to get a copy of your password file.
    All S.u.S.E. 5.1 and 5.2 Linux distributions (and I think also older
    ones) with the HylaFAX package installed are vulnerable to this attack.
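    The request pattern above (the query string handed to the script as a command) is easy to spot in
    web server access logs. The following is an added example, not code from the advisory or from
    the HylaFAX/S.u.S.E. packages: it parses constructed Apache-style log lines and flags requests to
    faxsurvey whose query string decodes to an absolute path or contains shell metacharacters. The log
    lines, IP addresses and timestamps are constructed sample data.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines (common/combined Apache format), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Aug/1998:12:00:01 +0200] "GET /index.html HTTP/1.0" 200 1234
10.0.0.7 - - [10/Aug/1998:12:00:09 +0200] "GET /cgi-bin/faxsurvey?/bin/cat%20/etc/passwd HTTP/1.0" 200 842
10.0.0.7 - - [10/Aug/1998:12:01:15 +0200] "GET /cgi-bin/faxsurvey?/usr/bin/id HTTP/1.0" 200 55
10.0.0.9 - - [10/Aug/1998:12:02:30 +0200] "GET /cgi-bin/faxsurvey?name=bob HTTP/1.0" 200 311
10.0.0.9 - - [10/Aug/1998:12:03:00 +0200] "GET /cgi-bin/faxsurvey?x=1;ls HTTP/1.0" 404 0
"""

# Fields of one access-log line: client IP, timestamp, method, URL, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Characters that a shell would interpret if the query string reached it unquoted.
SHELL_META = re.compile(r'[;&|`$<>\n]')


def classify_request(url):
    """Return a reason string if the URL looks like a faxsurvey command-injection
    attempt, or None for anything else (other scripts, ordinary form queries)."""
    parts = urlsplit(url)
    if not parts.path.endswith('/faxsurvey'):
        return None
    query = unquote(parts.query)  # decode %20 etc. before inspecting
    if not query:
        return None
    # The advisory's pattern: the whole query string is a command path.
    if query.startswith('/'):
        return 'absolute path in query string'
    if SHELL_META.search(query):
        return 'shell metacharacter in query string'
    return None


def scan_log(text):
    """Parse each log line and collect the suspicious faxsurvey requests.
    A 200 status on a flagged line suggests the command actually ran."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse as an access-log entry
        reason = classify_request(m.group('url'))
        if reason:
            hits.append({
                'ip': m.group('ip'),
                'ts': m.group('ts'),
                'url': m.group('url'),
                'status': int(m.group('status')),
                'reason': reason,
            })
    return hits


if __name__ == '__main__':
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} {hit['status']} {hit['url']}  <- {hit['reason']}")
```

    Run against a real access log, the same scan reads the file instead of SAMPLE_LOG; a flagged
    request with a 200 status is the one to treat as a likely successful execution.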

SOLUTION

    The S.u.S.E. team has been notified about the problem. Burchard
    Steinbild said they did not have enough time to fix the bug for their
    5.3 distribution, so they decided to simply remove the script from the
    file list. Immediately remove the CGI script, or chown it so that the
    HTTP server can no longer run it.