Hi.. Big Security Problem

Few minutes ago i post a message talkin about the vulneability
of the service which was made public today on Bugtraq List.
I post it to Bugtraq-es (Spanish Version), with some workaround
more than in bugtraq but waas in spanish (if some of u know spanish
feel free to search the bugtraq-es arvhices through
www.securityfocus.com.

In my mail i post it an easy patch which check before read the
url to check the uri type. In this case, only allow 'http'.

exit if (substr($url,0,4) ne "http");


just that.

greets

enan0.
P.d: I'm not subscribed to the list, if u need to contact me
please do it by my e-mail.
-- 
Interrumpi mi enseñanza a los 6 años para ir a la escuela!
TCN - Montevideo, Uruguay.
Key id:0x2A15E289

Received on Monday, 31 July 2000 04:31:59 UTC