Crap! I thought for sure I could hax0r your system b4 u noticed me! -l33t hax0r
-----Original Message----- From: James Wright [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 24, 2003 12:48 PM To: sambar List Member Subject: [sambar] HTTP CGI-BIN Vulnerability Jeez people. I don't think he meant that as an invitation to be stupid. I don't have search.pl so everyone who is trying it out - KNOCK IT OFF before I cut you out completely. ----- Original Message ----- From: "Alex Broens" <[EMAIL PROTECTED]> To: "sambar List Member" <[EMAIL PROTECTED]> Sent: Tuesday, 24 June, 2003 09:20 Subject: [sambar] HTTP CGI-BIN Vulnerability > The sample application search.pl that ships with the Sambar Server includes a buffer-overflow vulnerability. > > This was closed in the 6.0 beta 3 release (by disallowing script execution by anyone other than "localhost"). > > This script should be removed from all production servers; it will not be shipped with future releases of the server. > > (Source: http://www.sambar.com/security.htm) ------------------------------------------------------- To unsubscribe please go to http://www.sambar.ch/list/
