On Tue, Jun 01, 1999 at 12:34:51AM +0200, Salvatore Sanfilippo -antirez- wrote: > Hi, > > sorry if this has already been known. > > There is a problem in whois_raw.cgi, called from > whois.cgi. whois_raw.cgi is part of cdomain v1.0. > I don't know if new versions are vulnerable. Version 2.0 is just as vulnerable. The commercial version (the one that runs on NT too :) is _not_ vulnerable since it does it's own socket thing instead of starting 'whois'. I've known of this bug in cdomain for about 6 months but never got around to writing up an advisory... Greetz, Peter -- | 'He broke my heart, | Peter van Dijk | I broke his neck' | peterat_private | nognikz - As the sun | Hardbeat@ircnet - #cistron/#linux.nl | | Hardbeat@undernet - #groningen/#kinkfm/#vdh |
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:48:02 PDT