Bugtraq mailing list archives
ALERT: Xitami 2.5b5
From: "Matthew Murphy" <mattmurphy () kc rr com>
Date: Fri, 14 Jun 2002 15:22:21 -0500
I have notified iMatix via support () xitami com of multiple flaws in the GSL templates of Xitami 2.5 Beta. The e-mail was sent out today, so I will release technical details later on, but I did want to release a workaround: In defaults.cfg, users can set "use-error-script" in the "[Server]" section to "0". This will disable the vulnerable GSL script and secure your server. Users who have not installed the Beta should wait until a fix is available. Xitami has no security contact, so I decided to publish this workaround to avoid exploits of this bug. In my message to the company (iMatix) I told them that if no reply was received in 7 days, I would publish full details.
Current thread:
- ALERT: Xitami 2.5b5 Matthew Murphy (Jun 14)