www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "wOrm sign" <w0rms...@hotmail.com>
Subject Re: general/2182: test-cgi security flaw
Date Tue, 05 May 1998 12:15:25 GMT

>Synopsis: test-cgi security flaw
>State-Changed-From-To: open-analyzed
>State-Changed-By: marc
>State-Changed-When: Tue May  5 08:32:47 PDT 1998
>What OS are you using?
>Are you sure you aren't using an old copy of test-cgi?
>The version distributed with Apache is _NOT_ vulnerable to
>this problem unless you use a very broken shell.  Note the:
># disable filename globbing
>set -f

Hey, sorry about that.  I'm mistaken.  I downloaded the tar/gziped 
source this morning to make sure the bug still existed, without actually 
trying the script.  I looked for quotes, and saw none, not thinking that 
a more robust solution might have been implemented.  The test-cgi script 
I use on my home box is indeed very old.

I'm not that familiar with this PR system, so maybe if you could close 
this for me...

  sorry again, Reuben

Get Your Private, Free Email at http://www.hotmail.com

View raw message