Snort mailing list archives

Fwd: Demarc Security Update Advisory


From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
Date: Wed, 17 Apr 2002 07:01:35 +0200

I thought this would be interesting for many readers of this list.

CU,
Sandro


-----Original Message-----
From: Demarc Security Support [mailto:support () demarc com]
Sent: Wednesday, 17 April 2002 02:15
To: bugtraq () securityfocus com
Subject: Demarc Security Update Advisory


________________________________________________________________________

                 Demarc Security Update Advisory
________________________________________________________________________

Subject:                1.05 login bypass advisory
Date:                   16 April, 2002
________________________________________________________________________

Earlier today we were informed indirectly, via a bugtraq posting, of a
security issue in the 1.05 version of our software. While we were already
scheduled to release version 1.6 of the software tomorrow, it is advised
that you apply the following official patch to your current installation.
On untrusted networks, the bug could lead to acquisition of
administrative privileges within the Console.

---------

--- demarc              Sun Nov 11 23:48:39 2001
+++ demarc-patched      Tue Apr 16 12:49:56 2002
@@ -6094,6 +6094,7 @@
 ################
 sub check_login{
 my ($session_id) = @_;
+$session_id=~tr/[a-zA-Z0-9]//dc;

 ($session_id) || return;
 &expire_sessions;
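
Review bot: In the added "$session_id=~tr/[a-zA-Z0-9]//dc;" line, the square
brackets are literal characters in the search list, because tr/// takes a
plain character list with ranges, not a regex character class. With the c
and d modifiers this deletes everything except letters, digits, "[" and "]",
so both bracket characters still pass through into the rest of check_login.
Writing it as "$session_id =~ tr/a-zA-Z0-9//cd;" keeps only alphanumerics.
It would also be safer to return early when the session id contains any
other character, rather than strip it and continue to "&expire_sessions;"
with the altered value, and a one-line comment stating the expected session
id format would help the next reader.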

----------

This bug is not an issue with version 1.6 which is scheduled for
release on Wednesday 17 April, 2002.  Please visit the new web site,
which will also be launched tomorrow, to download this new version.

If you have any questions related to this bug, please email us at
support () demarc com




