www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "wOrm sign" <w0rms...@hotmail.com>
Subject Re: general/2182: test-cgi security flaw
Date Tue, 05 May 1998 12:15:25 GMT


>Synopsis: test-cgi security flaw
>
>State-Changed-From-To: open-analyzed
>State-Changed-By: marc
>State-Changed-When: Tue May  5 08:32:47 PDT 1998
>State-Changed-Why:
>What OS are you using?
>
>Are you sure you aren't using an old copy of test-cgi?
>
>The version distributed with Apache is _NOT_ vulnerable to
>this problem unless you use a very broken shell.  Note the:
>
># disable filename globbing
>set -f
>
>line.

Hey, sorry about that.  I'm mistaken.  I downloaded the tar/gziped 
source this morning to make sure the bug still existed, without actually 
trying the script.  I looked for quotes, and saw none, not thinking that 
a more robust solution might have been implemented.  The test-cgi script 
I use on my home box is indeed very old.

I'm not that familiar with this PR system, so maybe if you could close 
this for me...

  sorry again, Reuben


______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

Mime
View raw message