Bugtraq mailing list archives
Re: ROADS search system "show files" Vulnerability with "null bite" bug
From: Martin Hamilton <martin () NET LUT AC UK>
Date: Wed, 14 Feb 2001 23:15:13 +0000
UkR-XblP writes:

| Problem: Through this bug you can see any files, bug works
| on every system where perl is installed. "%00" - means hex
| symbol of the end of the line, used in C, C++ and perl.

Hi folks - all of the ROADS 2.x series releases were vulnerable to this, and the same vulnerability existed in some of our other CGI programs.

I've put together a patch which tries to fix the problem for people running ROADS 2.x, though it's specifically aimed at version 2.3. I've also rolled together the patches submitted since 2.3 was released and created a new 2.4 release. For more on these, see:

http://www.roads.lut.ac.uk/lists/open-roads/2001/02/

I'm not aware of any O/S distribution including ROADS as standard (sensible people! :-), so this is only likely to be a problem for people putting their own installations together.

Cheers,

Martin
Current thread:
- ROADS search system "show files" Vulnerability with "null bite" bug UkR-XblP (Feb 12)
- Re: ROADS search system "show files" Vulnerability with "null bite" bug Martin Hamilton (Feb 15)
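An added example, not taken from the ROADS patch or from either poster: one way a Perl CGI script can validate a user-supplied file name before building a path from it. Perl strings may contain a NUL byte, while the operating system's file calls treat NUL as the end of the string, so a suffix the script appends after a decoded "%00" is never seen by the OS. The base directory, suffix, sub names and sample values below are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: not ROADS code. Directory, suffix and sub names are hypothetical.
use strict;
use warnings;

# Decode %XX escapes the way a CGI parameter parser would.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Return a path under $base_dir for a user-supplied name, or nothing if the
# name is unsafe. The script appends $suffix itself; a NUL inside $name would
# make the C-level open() stop reading before that suffix.
sub safe_path {
    my ($base_dir, $name, $suffix) = @_;
    return unless defined $name && length $name;
    return if $name =~ /\0/;                        # embedded NUL byte
    # Allowlist: letters, digits, '_' and '-'. \z (not $) so that a
    # trailing newline is not accepted either.
    return unless $name =~ /\A[A-Za-z0-9_-]+\z/;
    return "$base_dir/$name$suffix";
}

# Constructed sample inputs (raw query-string values, not from the advisory).
my @samples = ('search', 'search%00', 'search%00.txt', 'admin-form', '');

for my $raw (@samples) {
    my $name = url_decode($raw);
    my $path = safe_path('/srv/app/templates', $name, '.html');
    (my $shown = $name) =~ s/\0/\\0/g;              # make the NUL visible
    printf "%-16s %s\n", "'$shown'",
        defined $path ? "ok -> $path" : 'rejected';
}
```

Validation runs on the decoded value, immediately before the path is built, so an encoded NUL cannot slip past a check made on the raw query string.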