Re: whois_raw.cgi problem

From: Peter van Dijk (peterat_private)
Date: Tue Jun 01 1999 - 15:16:42 PDT

Next message: Alan Cox: "Linux 2.2 DoS attack"

Previous message: Salvatore Sanfilippo -antirez-: "whois_raw.cgi problem"
Maybe in reply to: Salvatore Sanfilippo -antirez-: "whois_raw.cgi problem"
Next in thread: Peter van Dijk: "Re: whois_raw.cgi problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jun 01, 1999 at 12:34:51AM +0200, Salvatore Sanfilippo -antirez- wrote:
> Hi,
>
> 	sorry if this has already been known.
>
> 	There is a problem in whois_raw.cgi, called from
> 	whois.cgi. whois_raw.cgi is part of cdomain v1.0.
> 	I don't know if new versions are vulnerable.

Version 2.0 is just as vulnerable.

The commercial version (the one that runs on NT too :) is _not_ vulnerable
since it does it's own socket thing instead of starting 'whois'.

I've known of this bug in cdomain for about 6 months but never got around
to writing up an advisory...

Greetz, Peter
--
| 'He broke my heart,    |                              Peter van Dijk |
     I broke his neck'   |                     peterat_private |
   nognikz - As the sun  |        Hardbeat@ircnet - #cistron/#linux.nl |
                         | Hardbeat@undernet - #groningen/#kinkfm/#vdh |

Next message: Alan Cox: "Linux 2.2 DoS attack"
Previous message: Salvatore Sanfilippo -antirez-: "whois_raw.cgi problem"
Maybe in reply to: Salvatore Sanfilippo -antirez-: "whois_raw.cgi problem"
Next in thread: Peter van Dijk: "Re: whois_raw.cgi problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:48:02 PDT