www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject Re: general/2182: test-cgi security flaw (fwd)
Date Tue, 05 May 1998 21:10:00 GMT
The following reply was made to PR general/2182; it has been noted by GNATS.

From: Marc Slemko <marcs@znep.com>
To: Apache bugs database <apbugs@apache.org>
Cc:  Subject: Re: general/2182: test-cgi security flaw (fwd)
Date: Tue, 5 May 1998 13:53:40 -0600 (MDT)

 ---------- Forwarded message ----------
 Date: Tue, 05 May 1998 12:15:25 PDT
 From: wOrm sign <w0rms1gn@hotmail.com>
 To: marc@apache.org, marc@hyperreal.org
 Cc: apache-bugdb@apache.org
 Subject: Re: general/2182: test-cgi security flaw
 
 
 
 >Synopsis: test-cgi security flaw
 >
 >State-Changed-From-To: open-analyzed
 >State-Changed-By: marc
 >State-Changed-When: Tue May  5 08:32:47 PDT 1998
 >State-Changed-Why:
 >What OS are you using?
 >
 >Are you sure you aren't using an old copy of test-cgi?
 >
 >The version distributed with Apache is _NOT_ vulnerable to
 >this problem unless you use a very broken shell.  Note the:
 >
 ># disable filename globbing
 >set -f
 >
 >line.
 
 Hey, sorry about that.  I'm mistaken.  I downloaded the tar/gziped 
 source this morning to make sure the bug still existed, without actually 
 trying the script.  I looked for quotes, and saw none, not thinking that 
 a more robust solution might have been implemented.  The test-cgi script 
 I use on my home box is indeed very old.
 
 I'm not that familiar with this PR system, so maybe if you could close 
 this for me...
 
   sorry again, Reuben
 
 
 ______________________________________________________
 Get Your Private, Free Email at http://www.hotmail.com
 

Mime
View raw message