Bugtraq mailing list archives
Re: WWWBoard Vulnerability
From: spartak () AIF RU (Spartak Radchenko)
Date: Tue, 10 Nov 1998 14:11:39 +0300
I advise you not to use any of Matt Wright's programs. According to my experience they are full of various bugs (at least, the program that I tried to use). I tried to use his Web counter (TextCounter C++ Version 1.3) and it was full of absolutely lame errors. His attempts to invent a new way of file locking were simply ridiculous. After several attempts to correct these errors I came to the conclusion that its design is invalid beyond repair and simply rewrote it from scratch.

An example from http://www.worldwidemart.com/scripts/cgi-bin/c_download.cgi?s=textcounter&c=txt&f=tcounter.cpp:

    // Generate the lock filename.
    lock_file = new char[count_page_len + 4];
    strcat(lock_file,data_dir);
    strcat(lock_file,count_page);
    strcat(lock_file,".lck");

No comments... My email to Matt Wright about these bugs was ignored.

Spartak Radchenko
SVR1-RIPE
Arguments & Facts Weekly

On Mon, 9 Nov 1998, Samuel Sparling wrote:
Recently, many vulnerabilities have been found in the popular "WWWBoard v2.0 ALPHA" script written by Matt Wright, this is yet another. When the
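
Added example (not part of the original post, and not TextCounter's code): the quoted snippet appends with strcat() to a buffer that new char[] left uninitialized and that is sized without data_dir's length or the terminating NUL. The C++ below computes that shortfall and shows two bounded ways to build the same name; the helper names and sample paths are constructed here, and count_page_len is assumed to equal strlen(count_page).

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

// Bytes the three strcat() calls in the quoted snippet write in total,
// including the terminating NUL.
std::size_t lock_name_bytes_needed(const char *data_dir, const char *count_page) {
    return std::strlen(data_dir) + std::strlen(count_page) + std::strlen(".lck") + 1;
}

// Bytes the quoted snippet allocates (assumption: count_page_len is
// strlen(count_page); the post does not show where it is set).
std::size_t lock_name_bytes_allocated(const char *count_page) {
    return std::strlen(count_page) + 4;
}

// Hardened form 1: std::string sizes its own storage and starts out empty,
// so nothing is appended to uninitialized memory.
std::string make_lock_name(const std::string &data_dir, const std::string &count_page) {
    return data_dir + count_page + ".lck";
}

// Hardened form 2, for code that must fill a char buffer: bounded formatting
// that reports truncation instead of handing back a shortened lock name.
bool make_lock_name_buf(char *out, std::size_t out_len,
                        const char *data_dir, const char *count_page) {
    int n = std::snprintf(out, out_len, "%s%s.lck", data_dir, count_page);
    return n >= 0 && static_cast<std::size_t>(n) < out_len;
}

int main() {
    const char *dir = "/var/counter/";   // constructed sample value
    const char *page = "index.html";     // constructed sample value
    std::printf("allocated %zu, needed %zu\n",
                lock_name_bytes_allocated(page), lock_name_bytes_needed(dir, page));
    char buf[64];
    if (make_lock_name_buf(buf, sizeof buf, dir, page))
        std::printf("%s\n", buf);
    return 0;
}
```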