COMMAND

    convert.bas

SYSTEMS AFFECTED

    Systems running Novell's HTTP server

PROBLEM

    A remote user can read any file on the remote file system using
    this CGI. This means that if you are running the Novell HTTP
    server and have the 'out of box' CGIs, you are breached.

    Exploit code:

        http://victim.com/scripts/convert.bas?../../anything/you/want/to/view

    In a random sampling of 10 sites there was 1 site that restricted
    using ../ so (I assume) that by using Novell's security you CAN
    restrict this bug. However, you can access files like
    AUTOEXEC.NCF, and even login scripts in the hidden _NETWARE
    directory (if you know the name). It does appear you are
    restricted to the SYS: volume, however if you are using XCONSOLE
    and have your remote console password in plaintext (instead of
    encrypted) you are just inviting someone to telnet to the server
    console....
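    As an added example (not part of the original advisory, and not
    Novell's code), the following shows the two checks a defender wants
    here: a path-resolution test that tells whether a convert.bas query
    escapes the document root, and a scan of access-log lines for such
    requests. The log lines and the "/web" document root are constructed
    assumptions; decoding the query twice is a defensive choice, not
    documented CGI behaviour.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed sample of web-server access-log lines (not real traffic);
# fields are simplified to: client, quoted request line, status code.
SAMPLE_LOG = """\
192.0.2.10 "GET /scripts/convert.bas?index.htm HTTP/1.0" 200
192.0.2.11 "GET /scripts/convert.bas?../../anything/you/want/to/view HTTP/1.0" 200
192.0.2.12 "GET /scripts/convert.bas?..%2f..%2fsystem%2fautoexec.ncf HTTP/1.0" 200
192.0.2.13 "GET /index.htm HTTP/1.0" 200
"""

LINE_RE = re.compile(r'^(\S+) "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')


def escapes_root(query: str, root: str = "/web") -> bool:
    """True if the decoded query, resolved against the document root,
    lands outside that root (i.e. a '..' or absolute-path traversal)."""
    # Decode twice so %2e%2e and double-encoded forms are caught (assumption).
    decoded = unquote(unquote(query)).replace("\\", "/")
    # An absolute query replaces root in join(), so it is flagged as well.
    resolved = posixpath.normpath(posixpath.join(root, decoded))
    return not (resolved == root or resolved.startswith(root + "/"))


def scan_log(log_text: str):
    """Return (client, request-target) pairs for convert.bas requests
    whose query string escapes the document root."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse as a request
        client, target, _status = m.groups()
        path, sep, query = target.partition("?")
        if sep and path.lower().endswith("/convert.bas") and escapes_root(query):
            hits.append((client, target))
    return hits


if __name__ == "__main__":
    for client, target in scan_log(SAMPLE_LOG):
        print(f"traversal attempt from {client}: {target}")
```

    A request whose normalised path stays under the root (e.g.
    docs/../index.htm) is not flagged, so the check keys on the resolved
    path rather than on the mere presence of "..".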