[17111] in bugtraq
Re: Vulnerability in BOA web server v0.94.8.2
daemon@ATHENA.MIT.EDU (Brian Russo)
Mon Oct 9 14:40:22 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <20001008215824.A27021@uhhepr.phys.hawaii.edu>
Date: Sun, 8 Oct 2000 21:58:24 -1000
Reply-To: Brian Russo <brusso@PHYS.HAWAII.EDU>
From: Brian Russo <brusso@PHYS.HAWAII.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
>After having read the "Vulnerability in BOA web server v0.94.8.2"
>advisory by llmora, I wrote a simple exploit for the vulnerability.
>It is tested on Boa version 0.94.7 which I believe is distributed
>with Debian.
This bug was closed in Debian (woody AND potato, i.e. unstable AND stable)
on October 7th.
(Actual upload was made on October 5th)
Package maintainer for debian package of boa is a boa developer, so not much
lag time.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=74231
for the bug report and resolution.
Would it really be so much effort to check the status of such things before
you just blurt them out?
>(http://www.s21sec.com/en/avisos/s21sec-005-en.txt) Entire advisory
>Sincerely yours,
>teleh0r
- brian
--
Brian Russo <brusso@phys.hawaii.edu> (808) 957 2333
