
Matts (1087)


I work for MessageLabs [messagelabs.com] in Toronto, ON, Canada. I write spam filters, MTA software, high performance network software, string matching algorithms, and other cool stuff mostly in Perl and C.

Journal of Matts (1087)

Thursday July 11, 2002
04:13 AM

Vendors

[ #6273 ]

Sometimes I wonder what the hell is wrong with vendors. Here's part of a bug posted to NTBugTraq last night:

This vulnerability makes it possible for an intruder to use the open
SOAP or XML-RPC APIs published at
http://www.soapware.org/xmlStorageSystem to create user accounts and
upload random file data to any server running the Radio Community Server
as published by UserLand Software Inc. at http://rcs.userland.com

The poster of this bug says he reported it to UserLand and CERT 8 weeks ago. When the Zlib bug came out, even though AxKit pretty much wasn't affected (despite embedding zlib), we made sure we checked the bug out and released a warning to our users to upgrade their zlibs the same day.

Vendors who ignore security issues should have to go through some sort of forced Darwinism. Perhaps now that the exploit has been released, UserLand will.
