Re: CyberCash MCK 3.2.0.4: Large /tmp hole (fwd)

From: Dave G. (dhgat_private)
Date: Thu Jan 13 2000 - 14:33:36 PST


    >
    > Manufacturer:	CyberCash (http://www.cybercash.com)
    > Software:		Merchant Connection Kit
    > Version:		3.2.0.4
    >
    
    KSR[T] had a similar advisory coming out, which also discussed that the C
    API had similar /tmp problems, and possibly some other potential attacks.
    We will make the advisory available on the website by the end of Friday.
    Since I don't have the advisory in front of me, I can't confirm the
    details of the C API.
    
    The most important factor to this vulnerability (as discussed by Sheldon)
    is that local users can halt businesses that rely on Cybercash to process
    credit card orders from doing business over the web.
    
    Another item to note is that there is also an active server page version
    of Cybercash which remains unaudited.
    
    Dave G.
    http://www.ksrt.org
    http://www.ksrt.org/~daveg
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:28:06 PDT