Re: twlc advisory: all versions of php nuke are vulnerable...

From: Bernd Schnitzer (bernd.schnitzerat_private)
Date: Sat Oct 06 2001 - 17:05:20 PDT

Next message: patpro: "OS X 10.1 and localized desktop folder still vulnerable"

Previous message: Boren, Rich (SSRT): "FW: [advisory] SSRT0767u Potential rpc.ttdbserverd buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>Alternative "quickfix"; change
>   "if($upload) {" to
>   "if (($upload) && ($admintest)) {"

To fix the $file/$file_name bug in admin.php, change the line
"if ((isset($file)) AND ($file != "none")) {"
to
"if ((isset($file)) AND ($file != "none") AND ($admintest)) {"

/B.S.

Next message: patpro: "OS X 10.1 and localized desktop folder still vulnerable"
Previous message: Boren, Rich (SSRT): "FW: [advisory] SSRT0767u Potential rpc.ttdbserverd buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Oct 07 2001 - 00:05:54 PDT