[21034] in bugtraq
RE: personal web server directory traversal vulnerability patch
daemon@ATHENA.MIT.EDU (Dinos Pastos)
Fri Jun 15 12:55:09 2001
Message-ID: <001101c0f514$cd948e70$2a741fd4@cytanet.com.cy>
From: "Dinos Pastos" <dinopio@linux.com.cy>
To: <bugtraq@securityfocus.com>
Date: Thu, 14 Jun 2001 23:58:08 +0300
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Patch from an Unofficial Source?
I quote from site.
"Patch assembled from Microsoft files by David Raitzer
david_raitzer@hotmail.com, Project Information Management Specialist,
Cornell International Institute for Food, Agriculture and Development "
This doesnt look right.
Since Microsoft never developed a patch for PWS after I submited the bug, I
would advise using a patch from an unknown source.
I am not saying the patch is a fake or that it doesnt work.
Dinos Pastos
Security Advisor
InterceptiX Security
----- Original Message -----
From: "David Raitzer" <david_raitzer@hotmail.com>
To: <bugtraq@securityfocus.com>
Sent: Thursday, June 14, 2001 12:08 AM
Subject: personal web server directory traversal vulnerability patch
> Personal Web Server Users,
>
> I assembled an effective patch for the UNICODE directory traversal
> vulnerability issue in Microsoft Personal Web Server 4.0 for Windows
95/98,
> which was noted previously on this list. It can be downloaded at:
> http://www.geocities.com/p_w_server/pws_patch/index.htm
>
> -David Raitzer
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com
>
>
