COMMAND

    ?

SYSTEMS AFFECTED

    System running Web servers that support SSI.

PROBLEM

    Leonid S.  Knyshov  wrote  that  if  you  run  that script with no
    filters on the  web server that  has SSI support,  you are in  the
    world for _serious_ trouble, such  as <--#exec cmd "rm -rf  /" -->
    (Note:  He  don't  remember  the  exact  SSI  syntax,  since it is
    disabled)

    Anything after cmd is exec'ed by a shell forked as the UID of  the
    httpd...  God save you if you run httpd as root in that case...

SOLUTION

    Disable SSI.