httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Richards <>
Subject Re: util.c hole and speed of security patch release
Date Thu, 25 Apr 1996 20:11:24 GMT
In reply to Jennifer Myers who said
> Incidentally, I wrote to NASIRC yesterday (the originators of this
> latest advisory) and they informed me that they noted the
> presence of the same escape_shell_cmd() code in src/util.c as in
> cgi-src/util.c, but did not examine the source code any further to
> determine whether there was actually any vulnerability there.
> (Seems that they really jumped the gun in posting the advisory.)

Exactly what I thought. Maybe we should ask them to post an addendum to
allay all the unecessary fear they caused.

Undermines any credibility they have as a security alerting service.

  Paul Richards. Originative Solutions Ltd.  (Netcraft Ltd. contractor)
  Elsevier Science TIS online journal project.
  Phone: 0370 462071 (Mobile), +44 (0)1865 843155

View raw message