[HECnet] Security hole in CSWS
Sampsa Laine
sampsa at mac.com
Mon Sep 21 22:15:01 PDT 2009
Quick update: I've had a guy from HP's OpenVMS and Tru64 Apache team contact me, they're working on a fix. Turns out it's limited to MOD_PHP apparently, not all of CSWS.
Sampsa
On 21 Sep 2009, at 21:46, Brian Hechinger wrote:
On Mon, Sep 21, 2009 at 08:17:02PM +0100, Sampsa Laine wrote:
Guys,
What do you guys think, worth getting in touch with HP? I think this
could be a potential disaster waiting to happen...
A VMS Guru friend of mine replied with this:
=======================================================================
Not surprising. I would guess that the source code makes some
bad assumptions about file specifications.
It should definitely be reported to HP.
=======================================================================
-brian
--
"Coding in C is like sending a 3 year old to do groceries. You gotta
tell them exactly what you want or you'll end up with a cupboard full of
pop tarts and pancake mix." -- IRC User (http://www.bash.org/?841435)
More information about the Hecnet-list
mailing list