[ SOURCE: http://www.secureroot.com/security/advisories/9762084705.html ]

  Xitami Web/FTP Server security vulnerability (testcgi)
------------------------------------------------------------------------


SUMMARY

Xitami web server default's installation of the CGI bin directory contains 
a test CGI that allows remote users to view information regarding the 
operating system and web server's directory.

DETAILS

Vulnerable systems:
Xitami WEB/FTP release 2.5b4

Example:
http://www.example.com/cgi-bin/testcgi 

will produce the following output:
 
 
 Environment Variables
 
COMPUTERNAME   = MYSERVER
COMSPEC              = C:\WINNT\system32\cmd.exe
HOMEDRIVE           = C:
HOMEPATH            = \
LOGONSERVER     = \\MYSERVER
NUMBER_OF_PROCESSORS = 1
OS                   = Windows_NT
OS2LIBPATH           = C:\WINNT\system32\os2\dll;
PATH                 = C:\WINNT\system32;C:\WINNT
PROCESSOR_ARCHITECTURE = x86
PROCESSOR_IDENTIFIER = x86 Family 6 Model 8 Stepping 3, GenuineIntel
PROCESSOR_LEVEL      = 6
PROCESSOR_REVISION   = 0803
SYSTEMDRIVE          = C:
SYSTEMROOT           = C:\WINNT
TEMP                 = C:\TEMP
TMP                  = C:\TEMP
USERDOMAIN           = MYSERVER
USERNAME             = Administrator
USERPROFILE          = C:\WINNT\Profiles\Administrator
      WINDIR               = C:\WINNT
HTTP_ACCEPT_CHARSET  = iso-8859-1,*,utf-8
HTTP_ACCEPT_LANGUAGE = en
HTTP_ACCEPT_ENCODING = gzip
HTTP_ACCEPT          = image/gif, image/x-xbitmap, image/jpeg, 
image/pjpeg, image/png, */*
HTTP_HOST            = 127.0.0.1
HTTP_USER_AGENT      = Mozilla/4.75 [en] (WinNT; U)
HTTP_CONNECTION      = Keep-Alive
HTTP_CONTENT_LENGTH  = 0
SERVER_SOFTWARE      = Xitami
SERVER_VERSION       = 2.5b4
SERVER_NAME          = 127.0.0.1
SERVER_URL           = http://127.0.0.1/
SERVER_PORT          = 0
SERVER_PROTOCOL      = HTTP/1.1
SERVER_SECURITY      = -
GATEWAY_INTERFACE    = CGI/1.1
REQUEST_METHOD       = GET
QUERY_METHOD         = GET
SCRIPT_PATH          = cgi-bin
SCRIPT_NAME          = /cgi-bin/testcgi
CONTENT_TYPE         =
CONTENT_LENGTH       = 0
REMOTE_USER          = -
REMOTE_HOST          = 127.0.0.1
REMOTE_ADDR          = 127.0.0.1
PATH_INFO            =
PATH_TRANSLATED      = C:/Xitami/webpages
DOCUMENT_ROOT        = C:/Xitami/webpages
CGI_ROOT             = C:/Xitami/cgi-bin
CGI_URL              = /cgi-bin
CGI_STDIN            = C:\TEMP\pipe0001.cgi
CGI_STDOUT           = C:\TEMP\pipe0001.cgo
CGI_STDERR           = cgierr.log

Workaround:
Delete testcgi.exe file, or disable the cgi-bin directory in Xitami 
Administration under CGI properties configuration menu.


ADDITIONAL INFORMATION

The information has been provided by  <mailto:zer0logic@privacyx.com> 
zer0-logic.