[6045] in bugtraq
Security flaw in htmlscript
daemon@ATHENA.MIT.EDU (Joseph Jay Austin)
Wed Jan 28 03:42:40 1998
Date: Tue, 27 Jan 1998 17:28:53 -0800
Reply-To: Joseph Jay Austin <joe@HTMLSCRIPT.COM>
From: Joseph Jay Austin <joe@HTMLSCRIPT.COM>
To: BUGTRAQ@NETSPACE.ORG
This message is in response to the security breach regarding
our product, htmlscript, that was published in this list.
We became aware earlier today of a security flaw in the
htmlscript 2.99x distribution and certain earlier releases.
This flaw allows people to get a copy of the system password
(and other) files using our product. We are fixing this
problem and will be making a binary only distribution of
v2.9932 available to all licensees of the product.
The current shipping version of the product (htmlscript
v3.x/Miva 1.x) does not have this security flaw. All
customers have the option of getting a copy of the latest
release or a binary only fix of the 2.99x distribution.
Both are, naturally, available at no charge. Customers
wanting access to these binaries should contact
support@htmlscript.com or should call our main number.
Due to the serious nature of this problem we urge all
htmlscript licensees to make this upgrade their
highest priority.
----------------------
Htmlscript Corporation
Joe Austin, President
joe@htmlscript.com
http://www.htmlscript.com
619-490-2570:main line
619-490-2571:direct
----------------------
