Witango Customer Support
On 31/7/03 1:18 AM, "Lance Koh" <[EMAIL PROTECTED]> wrote:
saw this piece of security alert. thought the list will be interested to know
Remote Buffer Overrun in Witango Application Server
NGSSoftware discovered that a buffer-overrun condition in Witango
and Tango 2000 Application Server can result in remote compromise of
the vulnerable host. If a malicious user passes a long cookie to
Witango_UserReference, the saved return address is overwritten on the
stack. Because Witango is installed as LocalSystem, any arbitrary code
execution will run as SYSTEM. Witango has corrected this problem and
recommends that affected customers download the latest build from its
Web site.
http://www.secadministrator.com/articles/index.cfm?articleid=39645
________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
