httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chuck Murcko <ch...@telebase.com>
Subject Re: util.c hole and speed of security patch release
Date Thu, 25 Apr 1996 20:24:24 GMT
Paul Richards liltingly intones:
> 
> In reply to Jennifer Myers who said
> > 
> > 
> > Incidentally, I wrote to NASIRC yesterday (the originators of this
> > latest advisory) and they informed me that they noted the
> > presence of the same escape_shell_cmd() code in src/util.c as in
> > cgi-src/util.c, but did not examine the source code any further to
> > determine whether there was actually any vulnerability there.
> > (Seems that they really jumped the gun in posting the advisory.)
> 
> Exactly what I thought. Maybe we should ask them to post an addendum to
> allay all the unecessary fear they caused.
> 
> Undermines any credibility they have as a security alerting service.
> 
We're #1. Time to get used to the cheap shots. I think this qualifies.
IBM and Microsoft are not giving away their servers because they want to.
Not all information warfare is totally electronic, either.

Just my $0.01999...

chuck
Chuck Murcko	N2K Inc.	Wayne PA	chuck@telebase.com
And now, on a lighter note:
"What's the use of a good quotation if you can't change it?"
		-- Dr. Who

Mime
View raw message