Thanks to all of those at BugTraq who forwarded me the security hole info on TextCounter. Sometimes it takes those 15 messages to get my attention as I usually don't get through all my e-mail these days (The author apparently did send me the warning about 8 days ago, but I hadn't read it yet). :(

At any rate, I've spent about half the day today updating the TextCounter in order to plug this security hole, which was present in both the Perl and C++ versions. I used a slightly different approach than the one originally proposed in the alert message. This new approach causes count data files to be named slightly differently, as all non-word characters (anything besides a-z, A-Z and 0-9) are turned into an underscore.

The new versions posted at my site come with the fixed source and a small Perl script called convert.pl which will update your data filenames from v1.2 to v1.2.1 (or v1.3 to v1.3.1 if you use the C++ version). I also added some memory de-allocation to the C++ version which was missing originally and made the same bug fix that v1.2.1 in Perl received. convert.pl will work with the C++ data files in the same way as both end up with the same names.

You can obtain the fixed versions at:

(Perl) http://www.worldwidemart.com/scripts/textcounter.shtml
(C++) http://www.worldwidemart.com/scripts/C++/textcounter.shtml

Another short fix, which I don't believe is nearly as good as simply changing everything in the DOCUMENT_URI, is putting '.shtml/' into your @invalid_uri. It was already in mine for other reasons, so I never noticed the attacks, though I think there are ways of getting around that fix, so I would recommend simply downloading and installing the new version.

It is also possible that the new naming scheme could create a few conflicts where two pages want the same name. There is a fairly slight chance of this happening, but if it becomes a problem for anyone, let me know and we'll try to find a work-around for that.

Please let me know if there are any other gaping security holes or if this one has not been adequately fixed.

Thanks,

Matt Wright

********** The CGI Resource Index --> http://www.cgi-resources.com/ **********
Matt Wright, mattwat_private, http://www.worldwidemart.com/mattw/
Matt's Script Archive, Free CGI scripts, http://www.worldwidemart.com/scripts/
************ CGI/Perl Cookbook -> http://www.cgi-perl.com/promo/ *************

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:59:27 PDT
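
The naming scheme and the collision caveat described in the message above, as an added example that is not part of the original post and not TextCounter's own source. The function names count_file_name and find_collisions are hypothetical, and the sample URIs are constructed.

```cpp
#include <iostream>
#include <map>
#include <string>
#include <vector>

// Hypothetical helper (not TextCounter's code): map a DOCUMENT_URI to a
// count-file name by turning everything outside a-z, A-Z, 0-9 into '_'.
std::string count_file_name(const std::string& document_uri) {
    std::string name;
    name.reserve(document_uri.size());
    for (unsigned char c : document_uri) {
        bool keep = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                    (c >= '0' && c <= '9');
        name.push_back(keep ? static_cast<char>(c) : '_');
    }
    return name;
}

// Group URIs by resulting file name and return only the names that more
// than one URI maps to (the "two pages want the same name" case).
std::map<std::string, std::vector<std::string>>
find_collisions(const std::vector<std::string>& uris) {
    std::map<std::string, std::vector<std::string>> by_name, clashes;
    for (const auto& uri : uris) by_name[count_file_name(uri)].push_back(uri);
    for (const auto& entry : by_name)
        if (entry.second.size() > 1) clashes.insert(entry);
    return clashes;
}

int main() {
    // Constructed sample URIs, not taken from the post.
    std::vector<std::string> uris = {
        "/index.shtml", "/docs/faq.shtml", "/docs_faq.shtml",
        "/index.shtml/extra", "/~user/page.shtml"};
    for (const auto& uri : uris)
        std::cout << uri << " -> " << count_file_name(uri) << "\n";
    for (const auto& clash : find_collisions(uris)) {
        std::cout << "collision on " << clash.first << ":";
        for (const auto& uri : clash.second) std::cout << " " << uri;
        std::cout << "\n";
    }
    return 0;
}
```

Running the collision check over a site's page list before renaming data files shows which counters would end up sharing one file.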