[7102] in bugtraq

SECURITY FIX - TclPro Debugger beta release 1 & 2

daemon@ATHENA.MIT.EDU (Aleph One)
Mon Jun 29 14:51:59 1998

Date: Mon, 29 Jun 1998 10:54:15 -0500
Reply-To: Aleph One <aleph1@DFW.NET>
From: Aleph One <aleph1@DFW.NET>
To: BUGTRAQ@NETSPACE.ORG

---------- Forwarded message ----------
Date: Fri, 26 Jun 1998 15:19:26 -0700
From: Ray Johnson <foo@nowhere.com>
Subject: SECURITY FIX - TclPro Debugger beta release 1 & 2
Newsgroups: comp.lang.tcl


Attention! - All users of the beta releases of the TclPro Debugger

Problem:

The 1.0 beta 1 & 1.0 beta 2 releases of the TclPro Debugger contain a
security hole. A bug in those releases makes the debugger vulnerable to
malicious attacks on the port the debugger listens on for connections with
Tcl applications.

Solution:

We suggest that if you are currently using either TclPro Debugger beta 1
or beta 2 that you stop using it and download the beta 3 version of TclPro
Debugger. The beta 3 release contains no known security-related bugs.

As with any beta software, we recommend that you never run the
debugger as root or on machines that are critical to your environment.
We are working hard to produce the best software possible and apologize
in advance for any bugs in our beta releases. We also want to thank our
beta testers for finding bugs, making suggestions and in general helping
us to improve our products.

Ray Johnson
Engineering Manager for TclPro

P.S. You will find the beta 3 version of TclPro Debugger has
additional enhancements (aside from the security fix) that
are significant.
