[7275] in bugtraq
Re: Remote count.cgi exploit mods
daemon@ATHENA.MIT.EDU (Gus)
Wed Jul 15 13:43:29 1998
Date: Tue, 14 Jul 1998 16:54:46 +0100
Reply-To: Gus <angus@intasys.com>
From: Gus <angus@INTASYS.COM>
To: BUGTRAQ@NETSPACE.ORG
Hi,
I wrote to the author of wwwcount, including the bugtraq traffic messages
and asking "The question is simply wether there is a secure version 2.3,
or should all users move to 2.4."
---------- Forwarded message ----------
Date: Tue, 14 Jul 1998 10:50:28 -0400 (EDT)
From: ma_muquit@fccc.edu
To: angus@intasys.com
Subject: Re: SECURITY: wwwcount
Everyone should use 2.4. I tried my best to scrutinize 2.4 as much as I
can for all possible buffer overflow (and other security) problems.
Note, I update the distribution occasionally. It was last updated:
May-09-1998.
Version 2.3 archive available from the web page has the fix for the
buffer overflow (in getenv() call). But it might have other problems, so
everyone should use 2.4.
The official counter page is at URL:
http://www.fccc.edu/users/muquit/Count.html
Take care!
--
Muhammad A Muquit, ma_muquit@fccc.edu, http://www.fccc.edu/users/muquit/
