Security Incidents mailing list archives
Re: Vulnerability in /cgi-bin/shopper.exe?
From: David Kennedy CISSP <david.kennedy () acm org>
Date: Fri, 27 Jul 2001 03:30:56 -0400

At 12:38 PM 7/26/01 -0700, Michael Katz wrote:
> I have been unable to find any specific vulnerabilities with shopper.exe. I believe that there are either new unpublished vulnerabilities in the shopper.exe executable or attackers are looking to exploit the existing vulnerabilities listed above. If you have PDGSoft's Shopping Cart package, be warned.

http://www.nipc.gov/warnings/advisories/2001/01-007.htm
ADVISORY 01-007
"PDG Shopping Cart Software" Vulnerability Affecting E-Commerce
Issued 04/06/2001

Downloading the W32 version of the patch, a new version of shopper.exe is in the archive.

To give a little credit where credit is due, AFAIK this was the only time NIPC issued an advisory before a problem was common knowledge by anyone not living in a cave. To what extent there were already victims of the problem is something we'll probably never know. I do wonder if it had anything to do with their investigation that yielded one of their "DOH" advisories:

http://www.nipc.gov/warnings/advisories/2001/01-003.htm

--
Regards,
David Kennedy CISSP
Director of Research Services, TruSecure Corp.
http://www.trusecure.com
Protect what you connect.
Look both ways before crossing the Net.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

Current thread:
- Vulnerability in /cgi-bin/shopper.exe? Michael Katz (Jul 26)
- Re: Vulnerability in /cgi-bin/shopper.exe? David Kennedy CISSP (Jul 29)