Bugtraq mailing list archives

Re: WWWBoard Vulnerability

From: spartak () AIF RU (Spartak Radchenko)
Date: Tue, 10 Nov 1998 14:11:39 +0300


I advise you not to use any of Matt Wright programs. According to my
experience they are full of various bugs (at least, the program that I
tried to use).

I tried to use his Web counter (TextCounter C++ Version 1.3) and it was
full of absolutely lame errors. His attemts to invent a new way of
file locking was simply ridiculous. After several attempts to correct
these errors I came to conclusion that its design is invalid beyond repair
and simply rewrote it from the scratch.

An example from
http://www.worldwidemart.com/scripts/cgi-bin/c_download.cgi?s=textcounter&c=txt&f=tcounter.cpp:

 // Generate the lock filename.
    lock_file = new char[count_page_len + 4];
    strcat(lock_file,data_dir);
    strcat(lock_file,count_page);
    strcat(lock_file,".lck");

No comments...

My email to Matt Wright about these bugs was ignored.

Spartak Radchenko SVR1-RIPE
Arguments & Facts Weekly

On Mon, 9 Nov 1998, Samuel Sparling wrote:

Recently, many vulnerabilities have been found in the popular "WWWBoard
v2.0 ALPHA" script written by Matt Wright, this is yet another. When the

Current thread:

Re: klogd 1.3-22 buffer overflow, (continued)
- - Re: klogd 1.3-22 buffer overflow Neil Bright (Nov 11)
    - Re: klogd 1.3-22 buffer overflow Peter van Dijk (Nov 11)
  - Re: [Linux] klogd 1.3-22 buffer overflow Cory Visi (Nov 11)
  - Re: [Linux] klogd 1.3-22 buffer overflow Martin Schulze (Nov 17)
    - Re: [Linux] klogd 1.3-22 buffer overflow Michal Zalewski (Sep 12)
    - Re: [Linux] klogd 1.3-22 buffer overflow security () PENGUIN NET AU (Nov 17)
    - Update to Microsoft Security Bulletin (MS98-015) Aleph One (Nov 18)
    - Multiple KDE security vulnerabilities (root compromise) David G. Andersen (Nov 18)
    - Sun Security Bulletin #00179 Aleph One (Nov 18)
    - Re: Sun Security Bulletin #00179 Jonathan A. Zdziarski (Nov 19)
- Re: WWWBoard Vulnerability Spartak Radchenko (Nov 10)
  - Re: WWWBoard Vulnerability Samuel Sparling (Nov 10)
- world-readable shadow backups in SuSe 5.2 HD Moore (Nov 10)
  - mSQL dummies Peter Boutzev (Nov 11)
  - Re: world-readable shadow backups in SuSe 5.2 Erik (Nov 11)
    - Bootpd 2.4.3 tmp race Marcelo Tosatti (Nov 12)
    - Re: world-readable shadow backups in SuSe 5.2 Roman Drahtmueller (Nov 12)
    - More msql... Peter Boutzev (Nov 12)
  - Re: world-readable shadow backups in SuSe 5.2 Andrew Pitman (Nov 11)
  - Re: world-readable shadow backups in SuSe 5.2 xnec (Nov 11)