Bugtraq mailing list archives

Re: Vulnerability in BOA web server v0.94.8.2

From: Brian Russo <brusso () PHYS HAWAII EDU>
Date: Sun, 8 Oct 2000 21:58:24 -1000

After having read the "Vulnerability in BOA web        server v0.94.8.2"
advisory by llmora, I wrote a simple exploit for the vulnerability.
It is tested on        Boa version 0.94.7 which I believe is distributed
with Debian.


This bug was closed in Debian (woody AND potato, i.e. unstable AND stable)
on October 7th.
(Actual upload was made on October 5th)

Package maintainer for debian package of boa is a boa developer, so not much
lag time.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=74231
for the bug report and resolution.

Would it really be so much effort to check the status of such things before
you just blurt them out?

(http://www.s21sec.com/en/avisos/s21sec-005-en.txt) Entire advisory

Sincerely yours,
teleh0r


 - brian

--
Brian Russo <brusso () phys hawaii edu> (808) 957 2333

Current thread:

Vulnerability in BOA web server v0.94.8.2 Lluis Mora (Oct 06)
- <Possible follow-ups>
- Re: Vulnerability in BOA web server v0.94.8.2 teleh0r - (Oct 08)
- Re: Vulnerability in BOA web server v0.94.8.2 Brian Russo (Oct 09)