Bugtraq mailing list archives
SECURITY FIX - TclPro Debugger beta release 1 & 2
From: aleph1 () DFW NET (Aleph One)
Date: Mon, 29 Jun 1998 10:54:15 -0500
---------- Forwarded message ---------- Date: Fri, 26 Jun 1998 15:19:26 -0700 From: Ray Johnson <foo () nowhere com> Subject: SECURITY FIX - TclPro Debugger beta release 1 & 2 Newsgroups: comp.lang.tcl Attention! - All users of the beta releases of the TclPro Debugger Problem: The 1.0 beta 1 & 1.0 beta 2 releases of the TclPro Debugger contain a security hole. A bug in those releases makes the debugger vulnerable to malicious attacks on the port the debugger listens on for connections with Tcl applications. Solution: We suggest that if you are currently using either TclPro Debugger beta 1 or beta 2 that you stop using it and download the beta 3 version of TclPro Debugger. The beta 3 release contains no known security related bugs. As with any beta software, we recommend that you never run the debugger as root or on machines that are critical to your environment. We are working hard to produce the best software possible and apologize in advance for any bugs in our beta releases. We also want to thank our beta testers for finding bugs, making suggestions and in general helping us to improve our products. Ray Johnson Engineering Manager for TclPro P.S. You will find the beta 3 version of TclPro Debugger has additional enhancements (aside from the security fix) that are significant.
Current thread:
- SECURITY FIX - TclPro Debugger beta release 1 & 2 Aleph One (Jun 29)