Bugtraq mailing list archives
New FrontPage98 Server Extensions Release (fwd)
From: marcs () ZNEP COM (Marc Slemko)
Date: Fri, 20 Mar 1998 11:48:00 -0700
Anyone using the FrontPage extensions on a Unix system should note the couple of possible security issues in the below forwarded message and be sure that they do not cause problems in your environment. I have not looked at the issues at all, I am just forwarding a note that RTR sent to their mailing list.

---------- Forwarded message ----------
Date: Fri, 20 Mar 1998 10:45:33 -0500
From: RTR Webmaster <webmaster () pudding rtr com>
Subject: New FrontPage98 Server Extensions Release

Please note that there is a new release of the FrontPage98 Server Extensions for UNIX. It includes:

1. Server-Side Script Security

Combining server-side scripting code on a web page along with a FrontPage component (formerly "WebBot component") would allow an end-user to view the actual script if they view the source of the resulting page. Also, a user knowledgeable about the Server Extensions could exploit this behavior to view script source by passing the page to the browse-time Server Extensions EXE, SHTML.EXE.

2. Symbolic Links

If a user with telnet access to their content directory created symbolic links within this directory, the FrontPage Explorer and the FrontPage Server Administrator (fpsrvadm.exe) would follow the symbolic links and therefore could potentially make unwanted changes to the linked files.

3. Updated fpcount.exe

Until the update, this executable could potentially cause a browse-time hang.

4. Discussion Webs

A Discussion Web issue where sorting messages in reverse chronological order did not work.

5. NORTBOTS.HTM with Disk-based webs

An issue specific to disk-based webs that are published to a FrontPage-extended Web server where activating FrontPage components may result in a "HTTP/1.0 404 Object not found" error.

Also included in this release is Apache-fp 1.2.5.

To obtain more information concerning this release please check http://www.rtr.com/fpsupport/1330update_UNIX.htm and to download them http://www.rtr.com/fpsupport/download.htm.