Here's something Excite has posted to their web page and mailed to their customers. I'm curious about the "all platforms" part as I am unaware of the bug affecting NT. Also note that they have made patches publicly available, in case anyone wants patches from Excite rather than the patches posted to Bugtraq about this issue. (Well, I assume it's the same issue. I'm not sure there's enough info in the message to really know for absolute certain.) Rich Security bug found Excite announced today that its free and unsupported software, Excite for Web Servers v1.1 for all platforms (EWS), released in Q'3 of 1996, contains a bug that could potentially compromise the webserver on which it is installed. This bug in no way affects Excite.com, anyone Visiting or Searching Excite.com, any search boxes (for example, those on Netscape or Microsoft sites) that point to Excite.com, downloadable chat clients, Excite Direct, Excite Pal, or sites that the Excite spider indexes. This bug appears to be contained only in the free, unsupported version 1.1 of Excite for Webservers (EWS). Excite appreciates its users involvement and notification as to the existence of this bug. As of 1/14/98, Excite has issued to industry watchdog CERT* (http://www.cert.org) patches for immediate distribution to all systems administrators via a CERT vendor-initiated bulletin. The CERT Coordination Center charter is to work with the Internet Community in detecting and resolving computer security incidents as well as taking steps to prevent future incidents. We have rigorously tested these patches in house. While we are awaiting official verification from CERT, we are making the patches available to the EWS user base. For more detailed information on the bug or to access the patches, go to the patches page at http://www.excite.com/navigate/patches.html.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:39:15 PDT