httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <>
Subject Re: security hole. bluff?
Date Mon, 22 Apr 1996 18:37:55 GMT
On Mon, 22 Apr 1996, Tom Tromey wrote:
> Rob> has anyone yet seen an example of how to exploit the recent
> Rob> security "hole"?
> I saw a note on comp.infosystems.www.servers.unix that indicated that
> there was no way to exploit the hole.  The message said that the
> reason \n should be escaped is for poorly-written CGIs.  The author
> said he had talked to the originator of the report...
> I have no idea if this bears any relation to reality.

The gentleman whose message I responded to, bcc'ing the list, came back 
and said "I don't have to prove anything to you, if you just read you're way out of the loop, this hole has compromised 
some of the biggest sites on the net".  I asked him to put up or shut up, 
and he has yet to come back.  


--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--  |  We're hiring!

View raw message