it was posted on bugtraq so I can imagine it is being tested by a lot more than just this list now.
Danny On 24/Jun/2003 09:48:21, James Wright wrote: > Jeez people. I don't think he meant that as an invitation to be > stupid. I don't have search.pl so everyone who is trying it > out - KNOCK IT OFF before I cut you out completely. > > > > ----- Original Message ----- > From: "Alex Broens" <[EMAIL PROTECTED]> > To: "sambar List Member" <[EMAIL PROTECTED]> > Sent: Tuesday, 24 June, 2003 09:20 > Subject: [sambar] HTTP CGI-BIN Vulnerability > > > > The sample application search.pl that ships with the Sambar > Server includes a buffer-overflow vulnerability. > > > > This was closed in the 6.0 beta 3 release (by disallowing > script execution by anyone other than "localhost"). > > > > This script should be removed from all production servers; it > will not be shipped with future releases of the server. > > > > (Source: http://www.sambar.com/security.htm) > > ------------------------------------------------------- > > To unsubscribe please go to http://www.sambar.ch/list/ > > > > > > > > > > > ------------------------------------------------------- > To unsubscribe please go to http://www.sambar.ch/list/ > > > > > ------------------------------------------------------- To unsubscribe please go to http://www.sambar.ch/list/
