The whois_raw.cgi perl script included in all freeware versions of the cdomain package allows remote attacker to view/retrieve any system files, such as /etc/passwd, and to execute commands. Exploit included, which drops a shell, unlike previous whois_raw.cgi exploits.
cdcb04dcc8c8d833822d837b47e293b61db57cc6668962ea1ef6d1dbedf1b93b