Bugtraq mailing list archives

Re: CyberCash MCK 3.2.0.4: Large /tmp hole (fwd)


From: dhg () KSRT ORG (Dave G.)
Date: Thu, 13 Jan 2000 17:33:36 -0500



Manufacturer: CyberCash (http://www.cybercash.com)
Software:             Merchant Connection Kit
Version:              3.2.0.4


KSR[T] had a similar advisory coming out, which also discussed that the C
API had similar /tmp problems, and possibly some other potential attacks.
We will make the advisory available on the website by the end of Friday.
Since I don't have the advisory in front of me, I can't confirm the
details of the C API.

The most important factor to this vulnerability (as discussed by Sheldon)
is that local users can halt businesses that rely on Cybercash to process
credit card orders from doing business over the web.

Another item to note is that there is also an active server page version
of Cybercash which remains unaudited.

Dave G.
http://www.ksrt.org
http://www.ksrt.org/~daveg

