[原文]Directory traversal vulnerability in pfdispaly.cgi program (sometimes referred to as "pfdisplay") for SGI's Performer API Search Tool (performer_tools) allows remote attackers to read arbitrary files.
[CNNVD]SGI's Performer API Search Tool (performer_tools) pfdispaly.cgi目录遍历漏洞(CNNVD-199804-008)
SGI's Performer API Search Tool的(performer_tools)pfdispaly.cgi程序（有时被称为"pfdisplay"）存在目录遍历漏洞。远程攻击者可以利用该漏洞读任意文件。
IRIX contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious attacker uses the IRIS Performer API Search Tool (pfdisplay) to access files, which will disclose any files that can be accessed by the user nobody, resulting in a loss of confidentiality.
Silicon Graphics, Inc. has released a patch to address this issue. Additionally, it is possible to correct the flaw by implementing the following workaround: change the permissions on pfdisplay.cgi.
#/bin/chmod 500 /var/www/cgi-bin/pfdispaly.cgi