Caldera OpenLinux 2.3 rpm_query CGI Vulnerability

info
discussion
exploit
solution
references

Caldera OpenLinux 2.3 rpm_query CGI Vulnerability

A vulnerability exists in the default installation of Caldera OpenLinux 2.3. A CGI is installed in /home/httpd/cgi-bin/ names rpm_query. Any user can run this CGI and obtain a listing of the packages, and versions of packages, installed on this system. This could be used to determine vulnerabilities on the machine remotely.