New FrontPage98 Server Extensions Release (fwd)

From: Marc Slemko (marcsat_private)
Date: Fri Mar 20 1998 - 10:48:00 PST

    Anyone using the FrontPage extensions on a Unix system should note the
    couple of possible security issues in the forwarded message below and be
    sure that they do not cause problems in your environment.
    
    I have not looked at the issues at all; I am just forwarding a note that
    RTR sent to their mailing list.
    
    ---------- Forwarded message ----------
    Date: Fri, 20 Mar 1998 10:45:33 -0500
    From: RTR Webmaster <webmasterat_private>
    Subject: New FrontPage98 Server Extensions Release
    
    Please note that there is a new release of the FrontPage98 Server Extensions
    for UNIX.  It includes:
    
            1.  Server-Side Script Security
    
                    Combining server-side scripting code on a web page
                    along with a FrontPage component (formerly "WebBot
                    component") would allow an end-user to view the
                    actual script if they view the source of the resulting
                    page. Also, a user knowledgeable about the Server
                    Extensions could exploit this behavior to view script
                    source by passing the page to the browse-time Server
                    Extensions EXE, SHTML.EXE.
    
            2.  Symbolic Links
    
                    If a user with telnet access to their content directory
                    created symbolic links within this directory, the FrontPage
                    Explorer and the FrontPage Server Administrator
                    (fpsrvadm.exe) would follow the symbolic links and
                    therefore could potentially make unwanted changes to
                    the linked files.
    
            3.  Updated fpcount.exe
    
                    Until the update, this executable could potentially
                    cause a browse-time hang.
    
            4.  Discussion Webs
    
                    A Discussion Web issue where sorting messages in
                    reverse chronological order did not work.
    
            5.  NORTBOTS.HTM with Disk-based webs
    
                    An issue specific to disk-based webs that are published
                    to a FrontPage-extended Web server where activating
                    FrontPage components may result in a "HTTP/1.0 404
                    Object not found" error.
    
    
    Also included in this release is Apache-fp 1.2.5.
    
    To obtain more information concerning this release, please check
    http://www.rtr.com/fpsupport/1330update_UNIX.htm and, to download
    them, http://www.rtr.com/fpsupport/download.htm.
    
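The symbolic-link issue in item 2 can be audited from the administrator's side. The following is an added example, not part of the original message or of RTR's code: a Python check that lists every symlink under a content directory and flags those that resolve outside it. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

def find_symlinks(content_root):
    """Return sorted (relative_link, resolved_target, escapes_root) tuples."""
    root = os.path.realpath(content_root)
    findings = []
    # followlinks=False: the audit itself must never descend through a link.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        # Links to directories show up in dirnames; links to files and
        # dangling links show up in filenames.
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            # Compare with a trailing separator so a sibling such as
            # "web-backup" is not mistaken for something inside "web".
            inside = target == root or target.startswith(root + os.sep)
            findings.append((os.path.relpath(path, root), target, not inside))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample: a content dir with two escaping links and one internal link."""
    base = os.path.realpath(tempfile.mkdtemp(prefix="fpaudit_"))
    web = os.path.join(base, "web")
    outside = os.path.join(base, "web-backup")
    os.makedirs(os.path.join(web, "docs"))
    os.makedirs(outside)
    for p in (os.path.join(web, "index.htm"), os.path.join(outside, "other.conf")):
        open(p, "w").close()
    # Link to a file outside the content directory.
    os.symlink(os.path.join(outside, "other.conf"), os.path.join(web, "docs", "conf.htm"))
    # Link to a whole directory outside the content directory.
    os.symlink(outside, os.path.join(web, "shared"))
    # Link that stays inside the content directory.
    os.symlink(os.path.join(web, "index.htm"), os.path.join(web, "home.htm"))
    return web, outside

if __name__ == "__main__":
    web, _ = build_sample_tree()
    for link, target, escapes in find_symlinks(web):
        status = "ESCAPES ROOT" if escapes else "internal"
        print(f"{status:12}  {link} -> {target}")
```

Links reported as escaping the root are the ones an administration tool that follows symlinks could end up modifying outside the web's own content.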
    


