PT-2001-2272 · Suse · Suse Linux

Published 2001-08-02 · Updated 2017-10-10 · CVE-2001-1130

CVSS v2.0: 7.5 High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SuSE Linux versions 6.0 through 7.2

Description

Remote attackers can execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters and then causing that file to be searched. The search is redirected through the HTTP REFERER variable: a .. in the HTTP referer points to the directory that contains the uploaded keylist.txt file.

Recommendations

For SuSE Linux versions 6.0 through 7.2, consider restricting access to the Sdbsearch.cgi script until a fix is available, and avoid using the HTTP REFERER variable in a way that could allow directory traversal. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
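
A defensive log check for the pattern described above, added here as an example and not taken from SuSE or from this advisory: it flags requests for sdbsearch.cgi whose Referer path contains a `..` segment, including percent-encoded forms. The Apache combined log format, the /cgi-bin/ location and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: Apache/NCSA "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"\S+ (?P<target>\S+)[^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so %2e%2e and %252e%252e both become '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def referer_has_traversal(referer):
    """True if any path segment of the Referer is '..' after decoding."""
    path = fully_decode(urlsplit(referer).path).replace("\\", "/")
    return ".." in path.split("/")

def suspicious_requests(lines):
    """Return (host, time, referer) for sdbsearch.cgi hits with a traversing Referer."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line; skip rather than guess
        script = urlsplit(m["target"]).path.rsplit("/", 1)[-1].lower()
        if script == "sdbsearch.cgi" and referer_has_traversal(m["referer"]):
            hits.append((m["host"], m["time"], m["referer"]))
    return hits

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [02/Aug/2001:10:00:00 +0200] "GET /cgi-bin/sdbsearch.cgi HTTP/1.0" 200 1543 "http://www.example.test/sdb/en/html/index.html" "Mozilla/4.7"',
    '198.51.100.7 - - [02/Aug/2001:10:05:12 +0200] "GET /cgi-bin/sdbsearch.cgi HTTP/1.0" 200 312 "http://www.example.test/../../upload/" "-"',
    '203.0.113.5 - - [02/Aug/2001:10:06:40 +0200] "GET /cgi-bin/Sdbsearch.cgi HTTP/1.0" 200 298 "http://www.example.test/a/%2e%2e/%2e%2e/b/" "-"',
    '192.0.2.44 - - [02/Aug/2001:10:07:01 +0200] "GET /cgi-bin/other.cgi HTTP/1.0" 200 77 "http://www.example.test/../x/" "-"',
]

if __name__ == "__main__":
    for host, when, referer in suspicious_requests(SAMPLE):
        print(f"{when} {host} referer={referer}")
```

A hit only shows that a traversing Referer reached the script; whether a keylist.txt was actually searched has to be confirmed on the host.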

Related Identifiers

CVE-2001-1130

Affected Products

Suse Linux