Bugtraq mailing list archives
Re: CyberCash MCK 3.2.0.4: Large /tmp hole (fwd)
From: dhg () KSRT ORG (Dave G.)
Date: Thu, 13 Jan 2000 17:33:36 -0500
Manfuacturer: CyberCash (http://www.cybercash.com) Software: Merchant Connection Kit Version: 3.2.0.4
KSR[T] had a similiar advisory coming out, which also discussed that the C API had similiar /tmp problems, and possibly some other potential attacks. We will make the advisory available on the website by the end of Friday. Since I don't have the advisory in front of me, I can't confirm the details of the C API. The most important factor to this vulnerability (as discussed by Sheldon) is that local users can halt businesses that rely on Cybercash to process credit card orders from doing business over the web. Another item to note is that there is also an active server page version of Cybercash which remains unaudited. Dave G. http://www.ksrt.org http://www.ksrt.org/~daveg
Current thread:
- Re: CyberCash MCK 3.2.0.4: Large /tmp hole (fwd) Dave G. (Jan 13)