Bugtraq mailing list archives

Re: More vulnerabilities in FP

From: ronvdaal () SYNTONIC NET (Ron van Daal)
Date: Sat, 22 Apr 2000 12:41:26 +0200

To test this vulnerability we need "htimage.exe" in our "cgi-bin"
directory (it's installed by default) and premission to execute it.
That's why only Windows is vulnerable, Unix to execute "htimage.exe" +
If "htimage.exe" exist). based systems can't execute "*.exe" files.


Incorrect. The FrontPage98 server extensions for Linux contains several
*.exe files, which are 32-bit ELF executables. The Linux port of the FP98
server extensions isn't vulnerable, because of the missing htimage.exe.

Regards,

Ron van Daal | Syntonic Internet | The Netherlands

Current thread:

RAZOR Analysis of dvwssr.dll, (continued)
- - - RAZOR Analysis of dvwssr.dll Simple Nomad (Apr 17)
    - response to the bugtraq report of buffer overruns in imapd LIST command Mark Crispin (Apr 17)
    - Re: response to the bugtraq report of buffer overruns in imapd LIST command Theo de Raadt (Apr 17)
    - Re: response to the bugtraq report of buffer overruns in imapd LIST command Mark Crispin (Apr 17)
    - Re: response to the bugtraq report of buffer overruns in imapd LIST command R. C. Dowdeswell (Apr 17)
    - xfs security issues (fwd) Chris Evans (Apr 17)
    - Re: response to the bugtraq report of buffer overruns in imapd LIST command Mark Crispin (Apr 17)
    - RUS-CERT Advisory 200004-01: GNU Emacs 20 RUS-CERT, University of Stuttgart (Apr 18)
    - More vulnerabilities in FP Narrow (Apr 18)
    - Re: More vulnerabilities in FP The Cyberiad (Apr 19)
    - Re: More vulnerabilities in FP Ron van Daal (Apr 22)
    - Re: More vulnerabilities in FP The Cyberiad (Apr 19)
    - AVM's Statement eAX [Teelicht] (Apr 19)
    - Adtran DoS Mike Ireton (Apr 19)
    - FreeBSD Security Advisory: FreeBSD-SA-00:13.generic-nqs FreeBSD Security Officer (Apr 19)
    - Re: response to the bugtraq report of buffer overruns in imapd LIST command Warner Losh (Apr 17)
    - pwdump2 for Active Directory Todd Sabin (Apr 18)
    - Re: response to the bugtraq report of buffer overruns in imapd LIST command Henrik Nordstrom (Apr 18)
    - Cooments on the dvwssr.dll vulnerability threads Iván Arce (Apr 17)
    - Re: Cooments on the dvwssr.dll vulnerability threads David LeBlanc (Apr 18)
    - Last call for extended abstracts - Raid 2000 - Deadline is April 30th Herve Debar (Apr 18)

(Thread continues...)