Bug in mnogosearch-3.1.19

[qitest1 <qitest1 () bespin org>]

        qitest1 security advisory #003

Bug in mnogosearch-3.1.19 and prior
-----------------------------------------------

PROGRAM DESCRIPTION
mnoGoSearch is a full-featured SQL based web search engine, 
available from http://www.mnogosearch.org.

PROBLEM DESCRIPTION
When receiving a too long query string (q var), search.cgi
segfaults (http://127.0.0.1/cgi-bin/search.cgi?q=query). The bug
resides in a bad management of heap-allocated memory. The bug could
be abused by remote attackers to execute code with web server  
privileges.

SOLUTION
Authors were contacted a month ago: they told me that the cvs 
version had been fixed. Nevertheless the stable version
recommended on their web site is still bugged. At the moment you
should disable search.cgi, use the stupid patch attached to this
advisory (for 3.1.19) or alternatively install last cvs version.

--
---- q1-- http://qitest1.0xfee1dead.net/
--

Attachment: mnogosearch-3.1.19.patch
Description: