> Sorry for not clarifying. This is another vulnerability. The patch made
> DOES NOT fix this vulnerability.
> The CGISecurity hole only allowed read, not execute, and the patch did not
> affect the az field. The following information is correct.

The hole we found affected the forum= field. It only allowed remote file viewing and also had a nasty Denial of service effect which caused a rm -rf effect to whatever dir the script itself was stored. (Hopefully that part doesn't affect this new bug)

- zenomorph
This archive was generated by hypermail 2b30 : Wed Apr 18 2001 - 00:41:51 PDT