Hi.. Big Security Problem

Few minutes ago i post a message talkin about the vulneability
of the service which was made public today on Bugtraq List.
I post it to Bugtraq-es (Spanish Version), with some workaround
more than in bugtraq but waas in spanish (if some of u know spanish
feel free to search the bugtraq-es arvhices through

In my mail i post it an easy patch which check before read the
url to check the uri type. In this case, only allow 'http'.

exit if (substr($url,0,4) ne "http");

just that.


P.d: I'm not subscribed to the list, if u need to contact me
please do it by my e-mail.
Interrumpi mi enseñanza a los 6 años para ir a la escuela!
TCN - Montevideo, Uruguay.
Key id:0x2A15E289

Received on Monday, 31 July 2000 04:31:59 UTC