Code: p107 Severity: Notice
Description: Websendmail is a cgi-bin program that comes with the WEBgais package. WEBgais is a collection of CGI gateway programs, which incorporate the Global Area Intelligent Search (GAIS) index/query system so that it can be used as a search engine in WWW information servers. Websendmail reads input from a form and sends e-mail to the specified destination. Versions of WEBgais up to v1.0b2 are vulnerable. Impact: Any running websendmail Corrective: Temporary Fix: As root on the vulnerable machine, type: # /bin/chmod 400 /usr/local/etc/httpd/cgi-bin/websendmail (replace with your cgi-bin directory as appropriate).
|
