Re: Remote count.cgi exploit mods

To: BUGTRAQ@xxxxxxxxxxxx
Subject: Re: Remote count.cgi exploit mods
From: Gus <angus@xxxxxxxxxxx>
Date: Tue, 14 Jul 1998 16:54:46 +0100
Approved-by: aleph1@DFW.NET
Reply-to: Gus <angus@xxxxxxxxxxx>
Sender: Bugtraq List <BUGTRAQ@xxxxxxxxxxxx>

Hi,

I wrote to the author of wwwcount, including the bugtraq traffic messages
and asking "The question is simply wether there is a secure version 2.3,
or should all users move to 2.4."

---------- Forwarded message ----------
Date: Tue, 14 Jul 1998 10:50:28 -0400 (EDT)
From: ma_muquit@xxxxxxxx
To: angus@xxxxxxxxxxx
Subject: Re: SECURITY: wwwcount

Everyone should use 2.4. I tried my best to scrutinize 2.4 as much as I
can for all possible buffer overflow (and other security) problems.
Note, I update the distribution occasionally. It was last updated:
May-09-1998.

Version 2.3 archive available from the web page has the fix for the
buffer overflow (in getenv() call). But it might have other problems, so
everyone should use 2.4.

The official counter page is at URL:
    http://www.fccc.edu/users/muquit/Count.html

Take care!

--
Muhammad A Muquit, ma_muquit@xxxxxxxx, http://www.fccc.edu/users/muquit/

Prev by Date: Linux and world-writable /tmp - UPDATE (fwd)
Next by Date: Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53)
Previous by thread: Re: Linux and world-writable /tmp - UPDATE (fwd)
Next by thread: Sun Security Bulletin #00172 (fwd)
Index(es):
- Date
- Thread