Bugtraq mailing list archives
ANNOUNCE Apache::ASP v1.95 - Security Hole Fixed
From: joshua () CHAMAS COM (J C)
Date: Tue, 11 Jul 2000 03:38:56 -0000
ANNOUNCE Apache::ASP v1.95 - Security Hole Fixed

Apache::ASP < http://www.nodeworks.com/asp/ > had a security hole in its ./site/eg/source.asp distribution examples file, allowing a malicious hacker to potentially write to files in the directory local to the source.asp example script.

The next version of Apache::ASP v1.95 going to CPAN will not have this security hole in its example ./site/eg/source.asp

The general CHANGES for this release is below. Note that CPAN may not have the 1.95 version for another 24 hours.

Until you have the latest examples, I would recommend deleting this source.asp file from any public web server that has Apache::ASP installed on it.

The original report on a similar perl open() bug was at ZDNet's eWeek at http://www.zdnet.com/eweek/stories/general/0,11011,2600258,00.html where a hacking contest at openhack.com turned up a bug on its minivend ecommerce software.

--Joshua Chamas

=item $VERSION = 1.95; $DATE="07/10/00";

!!!!! EXAMPLES SECURITY BUG FOUND & FIXED !!!!!

--FIXED: distribution example ./site/eg/source.asp now parses out special characters of the open() call when reading local files.

This bug would allow a malicious user possible writing of files in the same directory as the source.asp script. This writing exploit would only have effect if the web server user has write permission on those files.

Similar bug announced by openhack.org for minivend software in story at: http://www.zdnet.com/eweek/stories/general/0,11011,2600258,00.html

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

-$0 now set to transferred file, when using $Server->Transfer

-Fix for XMLSubsMatch parsing on cases with 2 or more args passed to tag sub that was standalone like <Apps:header type="header" title="Moo" foo="moo" />
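The class of bug described in the announcement, handled defensively in an added example that is not part of the original message and is not the Apache::ASP source.asp code: a file name taken from a request is checked against an allow-list and opened with three-argument open(), so the name is never parsed for a mode prefix. The helper name read_local_file, the allow-list pattern and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Basename qw(basename);
use File::Temp qw(tempdir);

# Hypothetical helper, not Apache::ASP code: return the contents of a file
# in $dir named by an untrusted request parameter, or undef if rejected.
sub read_local_file {
    my ($dir, $name) = @_;
    return undef unless defined $name;

    # Allow-list: a plain file name only. This rejects the characters that
    # two-argument open() treats as mode or pipe markers (< > | + &),
    # leading/trailing whitespace, path separators and NUL bytes.
    return undef unless $name =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/;
    return undef unless $name eq basename($name);

    my $path = "$dir/$name";
    return undef unless -f $path;

    # Three-argument open: the mode is fixed to read-only and $path is
    # never parsed for a mode prefix, unlike open(FH, $path).
    open(my $fh, '<', $path) or return undef;
    local $/;                      # slurp the whole file
    my $data = <$fh>;
    close($fh);
    return $data;
}

# Constructed sample inputs, run against a throwaway directory.
my $dir = tempdir(CLEANUP => 1);
open(my $out, '>', "$dir/source.asp") or die "setup: $!";
print {$out} "<% # constructed sample %>\n";
close($out);

for my $name ('source.asp', '>source.asp', 'source.asp|', '../source.asp', "source.asp\0") {
    my $data = read_local_file($dir, $name);
    (my $shown = $name) =~ s/\0/\\0/g;
    printf "%-16s %s\n", $shown, defined $data ? 'read' : 'rejected';
}
# The sample file must be unchanged after all requests.
print "size after: ", -s "$dir/source.asp", " bytes\n";
```

As the announcement notes, write access by the web server user is the precondition for damage, so keeping example directories read-only for that user is a complementary control.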