Bugtraq mailing list archives

Re: ROADS search system "show files" Vulnerability with "null bite" bug


From: Martin Hamilton <martin () NET LUT AC UK>
Date: Wed, 14 Feb 2001 23:15:13 +0000

UkR-XblP  writes:

| Problem: Through this bug you can see any files, bug works
| on every system where perl is installed. "%00" - means hex
| symbol of the end of the line, used in C, C++ and perl.

Hi folks - all of the ROADS 2.x series releases were vulnerable to
this, and the same vulnerability existed in some of our other CGI
programs.

I've put together a patch which tries to fix the problem for people
running ROADS 2.x, though it's specifically aimed at version 2.3.
I've also rolled together the patches submitted since 2.3 was released
and created a new 2.4 release.

For more on these, see:
  http://www.roads.lut.ac.uk/lists/open-roads/2001/02/

I'm not aware of any O/S distribution including ROADS as standard
(sensible people! :-), so this is only likely to be a problem for
people putting their own installations together.

Cheers,

Martin

