On Sun, 2006-08-27 at 09:04 -0500, Kevin P. Fleming wrote: > And anyone who wants to provide one is welcome to do so. The lack of one > being available is not a vulnerability, though, since the administrator can > easily avoid the issue.
Actually many would consider it to be a vulnerability in the same way they did before languages such as php/perl provided functions like escapeshellarg()... -- Best regards, Duane http://www.cacert.org - Free Security Certificates http://www.nodedb.com - Think globally, network locally http://www.sydneywireless.com - Telecommunications Freedom http://e164.org - Because e164.arpa is a tax on VoIP "In the long run the pessimist may be proved right, but the optimist has a better time on the trip." _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Security mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-security
