Rich
Security bug found
Excite announced today that its free and unsupported software, Excite for
Web Servers v1.1 for all platforms (EWS), released in Q'3 of 1996,
contains a bug that could potentially compromise the webserver on which it
is installed. This bug in no way affects Excite.com, anyone Visiting or
Searching Excite.com, any search boxes (for example, those on Netscape or
Microsoft sites) that point to Excite.com, downloadable chat clients,
Excite Direct, Excite Pal, or sites that the Excite spider indexes.
This bug appears to be contained only in the free, unsupported version 1.1
of Excite for Webservers (EWS). Excite appreciates its users involvement
and notification as to the existence of this bug.
As of 1/14/98, Excite has issued to industry watchdog CERT*
(http://www.cert.org) patches for immediate distribution to all systems
administrators via a CERT vendor-initiated bulletin. The CERT Coordination
Center charter is to work with the Internet Community in detecting and
resolving computer security incidents as well as taking steps to prevent
future incidents.
We have rigorously tested these patches in house. While we are awaiting
official verification from CERT, we are making the patches available to
the EWS user base. For more detailed information on the bug or to access
the patches, go to the patches page at
http://www.excite.com/navigate/patches.html.