Bugtraq mailing list archives

Perception LiteServe MS-DOS filename vulnerability


From: Wizdumb <wizdumb () unix za net>
Date: Mon, 25 Jun 2001 09:30:20 +0200 (SAST)

Perception LiteServe <http://www.cmfperception.com/liteserve.html> is a
Web, FTP and e-mail server for Win*. When GET requests are made to
LiteServe's webserver with the name of the cgi-bin directory given as an
MS-DOS directory name (e.g. cgi-shizznitch=CGI-SH~1 and cgi-bin=CGI-BIN),
LiteServe will read the script instead of executing it.

The vendor has been informed, and a fixed version (v1.28) is now available
on Perception's website. Thanks to Chris Fillion for his prompt response.

Cheers,
Andrew Lewis
---
wizdumb () leet org
http://www.mdma.za.net/fk
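
Added example (not part of the original post and not LiteServe's code): a Python sketch of the class of check that fails this way, next to a hardened form. It assumes the server decides between executing and serving a file by comparing the first URL segment with the configured CGI directory name; the handler names, CGI_DIRS and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed configuration for this sketch: directories whose files are executed.
CGI_DIRS = {"cgi-bin", "cgi-shizznitch"}

# A Windows-generated 8.3 alias: short base, "~", digits, optional extension.
SHORT_ALIAS = re.compile(r"^[^~./\\]{1,6}~[0-9]{1,6}(\.[^~./\\]{0,3})?$")


def segments(url_path):
    """Percent-decode the path and split it into non-empty segments."""
    return [s for s in unquote(url_path).replace("\\", "/").split("/") if s]


def naive_handler(url_path):
    """Exact, case-sensitive match on the directory name (assumed flaw)."""
    segs = segments(url_path)
    return "execute" if segs and segs[0] in CGI_DIRS else "serve-file"


def hardened_handler(url_path):
    """Refuse alias segments, then compare the directory case-insensitively."""
    segs = segments(url_path)
    if any(SHORT_ALIAS.match(s) for s in segs):
        return "reject"  # do not guess which long name an alias maps to
    folded = {d.casefold() for d in CGI_DIRS}
    if segs and segs[0].casefold() in folded:
        return "execute"
    return "serve-file"


# Constructed sample requests, using the directory names from the advisory.
SAMPLES = ["/cgi-bin/test.pl", "/CGI-BIN/test.pl",
           "/CGI-SH~1/test.pl", "/CGI-SH%7E1/test.pl", "/docs/index.html"]

if __name__ == "__main__":
    for path in SAMPLES:
        print(f"{path:22} naive={naive_handler(path):10} "
              f"hardened={hardened_handler(path)}")
```

Rejecting every alias-shaped segment also refuses legitimate names of that shape; resolving the path to its long form before the comparison (for example with the Win32 GetLongPathName call) is the alternative.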
