-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, The attached advisory supercedes my previous effort regarding W3Mail (NDSA20020719). It seems that in fixing the original holes, CascadeSoft introduced a new one. Their fix for the original hole was as I suggested, to move the MIME attachments data from the web server document root. Unfortunately, the script they wrote to allow users to access the attachment, does no checking about the validity of the file argument, allowing you to request any file that is readable by the web server user. The vendor has been notified, but since they never bothered to acknowledge our contact last time, we're expecting no official response. Hopefully this time they will be able to correct the bug in less than 4 months. Cheers, Tim - -- Tim Brown <mailto:securityfocusat_private> <http://www.machine.org.uk/> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (SunOS) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE90Y64VAlO5exu9x8RAhG2AJ992byF0moWXFBaSWOi2aWhkAcfhgCgtAwQ Nq6Yh27JqstnYwPlg0kSHVs= =o+mg -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Tue Nov 12 2002 - 20:14:05 PST