Forgot to include this to the mailing list. ---------- Forwarded message ---------- From: Joshua Zimler <[EMAIL PROTECTED]> Date: Nov 1, 2007 10:46 PM Subject: Re: [Gnump3d-users] Security Hole found in gnump3d To: Ryan Hanna <[EMAIL PROTECTED]>
Here's my file: [EMAIL PROTECTED]:~$ cat /usr/share/gnump3d/Tabular/error.html <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" " http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";> <html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en"> <head> $META <title>GNUMP3d :: $TITLE </title> <meta name="description" content="CSS techniques to demonstrate pure CSS tabbed navigation menu" /> <meta name="keywords" content="" /> <style type="text/css"> body {margin: 0; padding: 0; background: #CACCB4; font: 1em/1.7em arial, sans-serif; } pre {text-indent: 30px;} #banner {position: absolute; top: 0; left: 0; height:50px; width: 99%; padding: 0; margin: 0 1px; border: 4px solid black; color: black; background: #ABAD85; z-index: 5;} body>#banner {position: fixed;} #banner h1 {margin: 0; padding: 5px;} #tabmenu {color: #000; position: absolute; top: 52px; padding: 0px; z-index: 10; margin-left: 15px;} body>#tabmenu {position: fixed; top: 34px;} head:first-child+body #tabmenu {top: 36px;} /*only mozilla*/ #tabmenu li {display: inline; overflow: hidden; list-style-type: none;} #tabmenu a, a.active {color: #DEDECF; background: #898B5E; font-size: 0.8em; font-weight: bold; border: 3px solid black; padding: 2px; margin: 2px; text-decoration: none;} #tabmenu a.active {background: #ABAD85; border-top: 3px solid #ABAD85; z-index: 30;} #tabmenu a:hover {color: #fff; background: #ADC09F;} #tabmenu a:visited {color: #E8E9BE;} #tabmenu a.active:hover {background: #ABAD85; color: #D3DBCB;} #content {background: #CACCB4; font: 0.8em "Trebuchet MS", arial, sans-serif; height: auto; text-align: justify; padding: 100px 70px 0px 70px; z-index: 0;} #content a {text-decoration: none; color: #86862D;} #content a:hover {background: #ADC09F;} </style> </head> <body> <div id="banner"> <h1>GNUMP3d v$RELEASE</h1> </div> <div id="content"> <table border="0" cellpadding="0" cellspacing="5" width="100%" bgcolor="#000000"> <tr><td> <table border="0" cellpadding="0" cellspacing="0" width="100%" bgcolor="#eaecef"> <tr bgcolor="#d1d5d7"><td colspan="7" align="center"><h3>Error</h3></td></tr> <tr><td> $ERROR_MESSAGE </td></tr> </table> </td></tr> </table> <p> </p> On 11/1/07, Ryan Hanna <[EMAIL PROTECTED]> wrote: > > Cool thanks. I am running it on ubuntu server with no gui, and using the > templates for the pages. Do you know which part I have to remove from the > error.html template to remove just the links? > > > ------------------------------ > > *From:* Joshua Zimler [mailto:[EMAIL PROTECTED] > *Sent:* Thursday, November 01, 2007 10:24 PM > *To:* Ryan Hanna > *Subject:* Re: [Gnump3d-users] Security Hole found in gnump3d > > > > Actually, you don't even need to try three times, you just need to click > "cancel" when you're prompted for a password. > > > I fixed it by simply removing the links on the html file on my computer. > > On 11/1/07, *Ryan Hanna* <[EMAIL PROTECTED]> wrote: > > I found a security hole in the gnump3d service for ubuntu. If you try and > log in three times it takes you to a page that says you access has been > restricted due to too many login attempts. It still however shows the tool > bar to the left side with all of the links. The home link is inactive, > however, all other tabs are still accessible. You can actually go to the > playlists tab, create your own and download music from the music archive. > > > > Has anyone else experienced the same issue? Anyone know a quick fix? > > > > > > > _______________________________________________ > Gnump3d-users mailing list > [email protected] > http://lists.gnu.org/mailman/listinfo/gnump3d-users > > >
_______________________________________________ Gnump3d-users mailing list [email protected] http://lists.gnu.org/mailman/listinfo/gnump3d-users
