>Synopsis: test-cgi security flaw > >State-Changed-From-To: open-analyzed >State-Changed-By: marc >State-Changed-When: Tue May 5 08:32:47 PDT 1998 >State-Changed-Why: >What OS are you using? > >Are you sure you aren't using an old copy of test-cgi? > >The version distributed with Apache is _NOT_ vulnerable to >this problem unless you use a very broken shell. Note the: > ># disable filename globbing >set -f > >line.
Hey, sorry about that. I'm mistaken. I downloaded the tar/gziped source this morning to make sure the bug still existed, without actually trying the script. I looked for quotes, and saw none, not thinking that a more robust solution might have been implemented. The test-cgi script I use on my home box is indeed very old. I'm not that familiar with this PR system, so maybe if you could close this for me... sorry again, Reuben ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
