Caldera OpenLinux 2.3 rpm_query CGI Vulnerability

ID SSV:73707
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


A vulnerability exists in the default installation of Caldera OpenLinux 2.3. A CGI is installed in /home/httpd/cgi-bin/ names rpm_query. Any user can run this CGI and obtain a listing of the packages, and versions of packages, installed on this system. This could be used to determine vulnerabilities on the machine remotely.

Run the rpm_query CGI via a GET. It is located in /cgi-bin/rmp_query, relative to the root of the web server.