| VID | 21078 |
| Severity | 20 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The '/cgi-bin/rpm_query' CGI is installed. The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to obtain a listing of the name and version number of every package installed on the system. |
| Recommendation | 1. Remove or disable this program as a temporary workaround: `# rm -f /home/httpd/cgi-bin/rpm_query`<br>2. Update to the latest packages from Caldera's FTP site, available at: ftp://ftp.calderasystems.com/pub/openlinux/updates/2.3/current/RPMS<br>3. See the following site: ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-007.1.txt |
| Related URL | CVE-2000-0192 (CVE) |
| Related URL | 1036 (SecurityFocus) |
| Related URL | 4168 (ISS) |