Snort mailing list archives
WG: Demarc Security Update Advisory
From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
Date: Wed, 17 Apr 2002 07:01:35 +0200
I thought this would be interesting for many readers of this list. CU, Sandro -----Ursprüngliche Nachricht----- Von: Demarc Security Support [mailto:support () demarc com] Gesendet: Mittwoch, 17. April 2002 02:15 An: bugtraq () securityfocus com Betreff: Demarc Security Update Advisory ________________________________________________________________________ Demarc Security Update Advisory ________________________________________________________________________ Subject: 1.05 login bypass advisory Date: 16 April, 2002 ________________________________________________________________________ Earlier today we were informed indirectly via a bugtraq posting, of a security issue in the 1.05 version of our software. While were already scheduled to release version 1.6 of the software tomorrow, it is advised that you apply the following official patch to your current installation. On untrusted networks, the bug could lead to acquisition of administrative privileges within the Console. --------- --- demarc Sun Nov 11 23:48:39 2001 +++ demarc-patched Tue Apr 16 12:49:56 2002 @@ -6094,6 +6094,7 @@ ################ sub check_login{ my ($session_id) = @_; +$session_id=~tr/[a-zA-Z0-9]//dc; ($session_id) || return; &expire_sessions; ---------- This bug is not an issue with version 1.6 which is scheduled for release on Wednesday 17 April, 2002. Please visit the new web site, which will also be launched tomorrow, to download this new version. If you have any questions related to this bug, please email us at support () demarc com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- WG: Demarc Security Update Advisory Poppi, Sandro (Apr 16)
- <Possible follow-ups>
- RE: WG: Demarc Security Update Advisory Fallon, Benjamin (Apr 18)
- RE: WG: Demarc Security Update Advisory Ryan Hill (Apr 18)