www-apache-bugdb mailing list archives

From Marc Slemko <ma...@znep.com>
Subject Re: general/2182: test-cgi security flaw (fwd)
Date Tue, 05 May 1998 21:10:00 GMT
The following reply was made to PR general/2182; it has been noted by GNATS.

From: Marc Slemko <marcs@znep.com>
To: Apache bugs database <apbugs@apache.org>
Cc:
Subject: Re: general/2182: test-cgi security flaw (fwd)
Date: Tue, 5 May 1998 13:53:40 -0600 (MDT)

 ---------- Forwarded message ----------
 Date: Tue, 05 May 1998 12:15:25 PDT
 From: wOrm sign <w0rms1gn@hotmail.com>
 To: marc@apache.org, marc@hyperreal.org
 Cc: apache-bugdb@apache.org
 Subject: Re: general/2182: test-cgi security flaw
 >Synopsis: test-cgi security flaw
 >State-Changed-From-To: open-analyzed
 >State-Changed-By: marc
 >State-Changed-When: Tue May  5 08:32:47 PDT 1998
 >What OS are you using?
 >Are you sure you aren't using an old copy of test-cgi?
 >The version distributed with Apache is _NOT_ vulnerable to
 >this problem unless you use a very broken shell.  Note the:
 ># disable filename globbing
 >set -f
 Hey, sorry about that.  I'm mistaken.  I downloaded the tar/gzipped
 source this morning to make sure the bug still existed, without actually 
 trying the script.  I looked for quotes, and saw none, not thinking that 
 a more robust solution might have been implemented.  The test-cgi script 
 I use on my home box is indeed very old.
 I'm not that familiar with this PR system, so maybe if you could close 
 this for me...
   sorry again, Reuben
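The exchange above turns on `set -f` versus quoting. The following is an added example, not part of either message and not the test-cgi script itself: it assumes a CGI-style line that echoes a request-supplied value (here standing in for QUERY_STRING) without quotes, and runs it in a constructed scratch directory. The function names and file names are hypothetical.

```shell
#!/bin/sh
# Added illustration; not the test-cgi script shipped with Apache.

# Constructed sandbox: scratch directory holding two known file names.
make_sandbox() {
    dir=$(mktemp -d) || return 1
    : > "$dir/alpha.txt"
    : > "$dir/beta.txt"
    printf '%s\n' "$dir"
}

# Each printer runs in a subshell "( ... )" so cd and set do not leak.
# $1 = directory to run in, $2 = value standing in for QUERY_STRING.

# Unquoted, globbing on: the shell matches the value against the
# directory before echo runs, so "*" becomes a file listing.
print_glob_on() (
    cd "$1" || exit 1
    set +f
    echo QUERY_STRING = $2
)

# Same unquoted line after "set -f": pattern characters stay literal,
# but the value is still split on whitespace.
print_glob_off() (
    cd "$1" || exit 1
    set -f
    echo QUERY_STRING = $2
)

# Quoted expansion: no globbing and no word splitting.
print_quoted() (
    cd "$1" || exit 1
    set +f
    echo "QUERY_STRING = $2"
)

sandbox=$(make_sandbox) || exit 1
for value in '*' 'a   b'; do
    print_glob_on  "$sandbox" "$value"
    print_glob_off "$sandbox" "$value"
    print_quoted   "$sandbox" "$value"
done
rm -rf "$sandbox"
```

A script with no quotes around its expansions can therefore still be safe against globbing if `set -f` runs first, which is why checking only for quotes gives a misleading answer.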
