[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] Openwebmail 1.71 exploit... fixed

Subject: [cobalt-users] Openwebmail 1.71 exploit... fixed
From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Mon Dec 23 08:06:00 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

http://online.securityfocus.com/archive/1/303997

I patched mine and it works OK

    135   $loginname =~ s/\-session\-0.*$//; # Grab loginname from
sessionid
    136 ### security fix patch 12/22/2002 GW added this line
    137   $loginname =~ s/[\.\/\;\|\'\"\`\&]//g;
    138 ###

Thanks for the heads-up Bruce.


Gerald
--
http://frontstreetnetworks.com | http://raqware.com
Front Street Networks LLC  | Phone: +1 203-785-0699
229 Front Street, Ste. C, New Haven, CT. 06513-3203

Follow-Ups:
- Re: [cobalt-users] Openwebmail 1.71 exploit... fixed
  - From: Bill Gibbs
- RE: [cobalt-users] Openwebmail 1.71 exploit... fixed
  - From: Richard Sidlin

Prev by Date: RE: [cobalt-users] pkgmaster.com
Next by Date: Re: [cobalt-users] Openwebmail 1.71 exploit... fixed
Previous by thread: RE: [cobalt-users] pkgmaster.com
Next by thread: Re: [cobalt-users] Openwebmail 1.71 exploit... fixed

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index