Re: FW: [Alert] Website's uploader.exe (from demo) vulnerable

Aleph One (aleph1@DFW.NET)
Fri, 05 Sep 1997 16:03:11 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: David J. Meltzer: "Re: FW: [Alert] Website's uploader.exe (from demo) vulnerable"
Previous message: Artur Pydo - EuroBretagne: "Re: Overflow in one of Apache 1.1.1 (maybe later too)'s modules"

---------- Forwarded message ----------
Date: Fri, 5 Sep 1997 12:43:14 -0700
From: M. Bracewell <markb@ORA.COM>
To: NTBUGTRAQ@NTADVICE.COM
Subject: Re: FW: [Alert] Website's uploader.exe (from demo) vulnerable

>O'reilly's webserver 'website' contains a demopackage that contains
>the cgi-program uploader.exe.
>The program uploader.exe doesn't check anything at all.....

This hole did exist prior to the July 1996 revision of uploader.bas,
when I added a security fix.
The fix has been available since that time at
http://software.ora.com/techsupport/software/updates.html
The revised uploader was also included in WebSite 1.1g

--
Mark Bracewell         markb@oreilly.com
RFC 793 2.10. - Robustness Principle:
TCP implementations will follow a general principle of robustness:
be conservative in what you do, be liberal in what you accept from others.

Next message: David J. Meltzer: "Re: FW: [Alert] Website's uploader.exe (from demo) vulnerable"
Previous message: Artur Pydo - EuroBretagne: "Re: Overflow in one of Apache 1.1.1 (maybe later too)'s modules"