[Imc-aotearoa-tech] Active security flaw
Danyl Strype
strypey at riseup.net
Sun Jul 27 09:56:49 PDT 2003
Kia ora Finn,
Are you on IMC-Tech?
RnB,
Strypey
BTW How's Pooneke?
sveasca at yahoo.com wrote:
"Hey IMC tech folks. This is my second attempt to
post this message - I think mailman assumed that my
first posting was spam...
I have a friend who was poking around on the IMC
sites recently who claims to have found a "huge"
security hole in Active that leaves the site open for
posts, deletes, and much more maliscious stuff. He has
given me detailed information about what the hole is,
how it works, and a suggested patch, but he didn't
want to post the information to an open list.
I've forwarded the info to my local techs (Boston
IMC) but the same code is used for lots of IMC sites,
so you need to know, too. My friend has informed the
vendor and is going to inform the public in... 12
days, so you're going to hafta hop on this if you want
to fix the hole before it becomes common knowledge.
Because this *is* a security hole, if someone
from this list can contact me privately (and give me a
reference that I can confirm with one of my local
Boston techs or other longstanding Boston IMC member)
I'll forward the information over to you."
--
"What preparation would you like me to have done..."
"Just read, just read."
- Kim Hill and John Pilger
http://aotearoa.indymedia.org/
More information about the imc-aotearoa-tech
mailing list