| VID | 21068 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The 'pfdispaly' CGI is installed. The pfdispaly CGI program for SGI's Performer API Search Tool allows read access to files. The IRIS Performer API Search Tool software subsystem (performer_tools) is loaded by default when installing the IRIX Performer 2.2 CD on IRIX 6.2, 6.3 and 6.4. If exploited, it may allow any user to view files on the vulnerable system with the privileges of the httpd daemon (usually "nobody"). A local account is not required, and the vulnerability can be exploited remotely. |
| Recommendation | If it's not needed, remove the file from the CGI directory, or patch to the latest version. Patches are available via anonymous FTP and your service/support provider. The SGI anonymous FTP site is sgigate.sgi.com (204.94.209.1) or its mirror, ftp.sgi.com. Security information and patches can be found in the ~ftp/security and ~ftp/patches directories, respectively. |
| Related URL | CVE-1999-0270 (CVE) |
| Related URL | 64 (SecurityFocus) |
| Related URL | 810 (ISS) |