subject:"\[ilugd\] Re\: \(fwd\) \[SECURITY\] \[DSA\-392\-1\] New webfs packages fix buffer overflows, file and directory exposure"

[ilugd] Re: (fwd) [SECURITY] [DSA-392-1] New webfs packages fix buffer overflows, file and directory exposure

2003-09-29 Thread Sandip Bhattacharya

Raj Mathur wrote: "Sandip" == Sandip Bhattacharya <[EMAIL PROTECTED]> writes: Sandip> Raj Mathur wrote: >> [Please upgrade if you use webfs on any platform -- Raju] >> >> >> CAN-2003-0832 - When virtual hosting is enabled, a remote >> client could specify ".." as the ho

Re: [ilugd] Re: (fwd) [SECURITY] [DSA-392-1] New webfs packages fix buffer overflows, file and directory exposure

2003-09-29 Thread Raj Mathur

> "Sandip" == Sandip Bhattacharya <[EMAIL PROTECTED]> writes: Sandip> Raj Mathur wrote: >> [Please upgrade if you use webfs on any platform -- Raju] >> >> >> CAN-2003-0832 - When virtual hosting is enabled, a remote >> client could specify ".." as the hostname in a re

[ilugd] Re: (fwd) [SECURITY] [DSA-392-1] New webfs packages fix buffer overflows, file and directory exposure

2003-09-29 Thread Sandip Bhattacharya

Raj Mathur wrote: > [Please upgrade if you use webfs on any platform -- Raju] > > CAN-2003-0832 - When virtual hosting is enabled, a remote client could specify ".." as the hostname in a request, allowing retrieval of directory listings or files above the document root. This is so crazy! -- Sa