COMMAND

    WWW Authorization Gateway

SYSTEMS AFFECTED

    Systems running CGI above

PROBLEM

    Albert Nubdy found following.  He has discovered a problem in  the
    WWW  Authorization  Gateway  0.1  By  Ray  Chan   From West's Perl
    Archive.  This CGI let's users grant or deny access to some pages.
    You can execute any command you  please with it.  That is  because
    of this little line:

        $info = `grep $DATA{"user"} $passurl`;

    To exploit You would just have to put:

        | any command you would like

    as a username and any password.

SOLUTION

    It will be updated.