[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Openwebmail 1.71 exploit... fixed

Subject: Re: [cobalt-users] Openwebmail 1.71 exploit... fixed
From: "Bill Gibbs" <bgibbs@xxxxxxxxxxxxx>
Date: Mon Dec 23 08:47:01 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

I patched it and it all works fine as well.  Thanks!

Bill "Elvis" Gibbs
Eduro Technologies, Inc.
main 240-529-2000 | fax 301-662-9552 | cell 301-748-5418


----- Original Message ----- 
From: "Gerald Waugh" <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
To: "cobalt-users" <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Monday, December 23, 2002 11:01 AM
Subject: [cobalt-users] Openwebmail 1.71 exploit... fixed


> 
> http://online.securityfocus.com/archive/1/303997
> 
> I patched mine and it works OK
> 
>     135   $loginname =~ s/\-session\-0.*$//; # Grab loginname from
> sessionid
>     136 ### security fix patch 12/22/2002 GW added this line
>     137   $loginname =~ s/[\.\/\;\|\'\"\`\&]//g;
>     138 ###
> 
> Thanks for the heads-up Bruce.
> 
> 
> Gerald
> --
> http://frontstreetnetworks.com | http://raqware.com
> Front Street Networks LLC  | Phone: +1 203-785-0699
> 229 Front Street, Ste. C, New Haven, CT. 06513-3203
> 
> 
> _____________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>

References:
- [cobalt-users] Openwebmail 1.71 exploit... fixed
  - From: Gerald Waugh

Prev by Date: [cobalt-users] Openwebmail 1.71 exploit... fixed
Next by Date: RE: [cobalt-users] Openwebmail 1.71 exploit... fixed
Previous by thread: [cobalt-users] Openwebmail 1.71 exploit... fixed
Next by thread: RE: [cobalt-users] Openwebmail 1.71 exploit... fixed

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index