(hhp) NewsUpdate1.1 Advisory (hhp)
             hhp-ADV#7 by: loophole
                hhp@hhp.perlx.com
             11/4/99 2:14:516am CST.
-----------------------------------------------
    Alright, there  is a fault in NewsUpdate1.1
available at: http://cgi.elitehost.com/

    This  is yet another piece of software with
permission  problems.  The  file 'password.txt'
is  created  and set to mode 644 by  newsup.pl,
which  can  be  read  by anyone.  It contains a
crypt(3)  password  that if were to be cracked,
could be used on form.htm.

     With  this,  you have access to change the
servers  news  html pages to whatever you chose
to display (Neat eh? :D).

     Fix: Change default modes.
-hhp-2t0---------------------------------------