Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Remote count.cgi exploit mods

From: angus () intasys com (Gus)
Date: Tue, 14 Jul 1998 16:54:46 +0100

Hi,

I wrote to the author of wwwcount, including the bugtraq traffic messages
and asking "The question is simply wether there is a secure version 2.3,
or should all users move to 2.4."


---------- Forwarded message ----------
Date: Tue, 14 Jul 1998 10:50:28 -0400 (EDT)
From: ma_muquit () fccc edu
To: angus () intasys com
Subject: Re: SECURITY: wwwcount


Everyone should use 2.4. I tried my best to scrutinize 2.4 as much as I
can for all possible buffer overflow (and other security) problems.
Note, I update the distribution occasionally. It was last updated:
May-09-1998.

Version 2.3 archive available from the web page has the fix for the
buffer overflow (in getenv() call). But it might have other problems, so
everyone should use 2.4.

The official counter page is at URL:
    http://www.fccc.edu/users/muquit/Count.html

Take care!

--
Muhammad A Muquit, ma_muquit () fccc edu, http://www.fccc.edu/users/muquit/
Previous By Date Next
Previous By Thread Next

Current thread: