#!/bin/sh umask 022 PATH=/bin:/usr/bin error=false echo Content-type: text/html echo cat << EOM ls (1M)


Intro: The purpose of this page was to test a vulnerability in WWW HTTP/1.0 Server, 1.4.1A; as shipped with IRIX 6.2 in low end machines. Since this is already an old bug; this CGI is now disabled.

These are SGI patches for this problem, you can find them at ftp://sgigate.sgi.com/security

CERT Advisory CA-97.12.webdist excerpt:

   OS Version     Vulnerable?     Patch #      Other Actions
   ----------     -----------     -------      -------------

   IRIX 3.x          no
   IRIX 4.x          no
   IRIX 5.0.x        no
   IRIX 5.1.x        no
   IRIX 5.2          no
   IRIX 5.3          yes          2315
   IRIX 6.0.x        yes          not avail    Note 1
   IRIX 6.1          yes          not avail    Note 1
   IRIX 6.2          yes          2314
   IRIX 6.3          yes          2338
   IRIX 6.4          yes          2338