Bugtraq mailing list archives
Re: Remote count.cgi exploit mods
From: angus () intasys com (Gus)
Date: Tue, 14 Jul 1998 16:54:46 +0100
Hi, I wrote to the author of wwwcount, including the bugtraq traffic messages and asking "The question is simply wether there is a secure version 2.3, or should all users move to 2.4." ---------- Forwarded message ---------- Date: Tue, 14 Jul 1998 10:50:28 -0400 (EDT) From: ma_muquit () fccc edu To: angus () intasys com Subject: Re: SECURITY: wwwcount Everyone should use 2.4. I tried my best to scrutinize 2.4 as much as I can for all possible buffer overflow (and other security) problems. Note, I update the distribution occasionally. It was last updated: May-09-1998. Version 2.3 archive available from the web page has the fix for the buffer overflow (in getenv() call). But it might have other problems, so everyone should use 2.4. The official counter page is at URL: http://www.fccc.edu/users/muquit/Count.html Take care! -- Muhammad A Muquit, ma_muquit () fccc edu, http://www.fccc.edu/users/muquit/
Current thread:
- Re: Remote count.cgi exploit mods Alan J Rosenthal (Jul 11)
- <Possible follow-ups>
- Re: Remote count.cgi exploit mods Gus (Jul 14)