jj
--

CVE Number: 
CVE-1999-0260

Details:
The jj cgi script was found on the system. This script does not check user data
being sent to /bin/mail, which allows a nefarious individual to execute
commands via mail's shell escape. While password protected, the passwords are
well known.

Fix:
It is recommended that the file be removed from the system.

Related URLs:
http://www.securityfocus.com/templates/archive.pike?list=1&date=1996-12-22&msg=Pine.SUN.3.94.961224201129.10257A-100000@dfw.dfw.net

$Id: jj,v 1.1 2000/11/06 15:34:20 loveless Exp $
