[5260] in bugtraq
Re: FW: [Alert] Website's uploader.exe (from demo) vulnerable
daemon@ATHENA.MIT.EDU (Aleph One)
Fri Sep 5 17:49:15 1997
Date: Fri, 5 Sep 1997 16:03:11 -0500
Reply-To: Aleph One <aleph1@DFW.NET>
From: Aleph One <aleph1@DFW.NET>
To: BUGTRAQ@NETSPACE.ORG
---------- Forwarded message ----------
Date: Fri, 5 Sep 1997 12:43:14 -0700
From: M. Bracewell <markb@ORA.COM>
To: NTBUGTRAQ@NTADVICE.COM
Subject: Re: FW: [Alert] Website's uploader.exe (from demo) vulnerable
>O'reilly's webserver 'website' contains a demopackage that contains
>the cgi-program uploader.exe.
>The program uploader.exe doesn't check anything at all.....
This hole did exist prior to the July 1996 revision of uploader.bas,
when I added a security fix.
The fix has been available since that time at
http://software.ora.com/techsupport/software/updates.html
The revised uploader was also included in WebSite 1.1g
--
Mark Bracewell markb@oreilly.com
RFC 793 2.10. - Robustness Principle:
TCP implementations will follow a general principle of robustness:
be conservative in what you do, be liberal in what you accept from others.
