Mailing list home
  Find posts   Help

Latest messageRecent messages

In this thread:
 Next
 See whole thread
By msg id:
 Prev: 4 Feb 2002 8:43
 Next: 4 Feb 2002 10:19

Other threads:
 Prev: Re: Rebol & Linux/partition magic
 Next: Re-ANN: Improved security update in Rugby4

Same author:
 Prev: 30 Jan 2002 16:36
 Next: 4 Feb 2002 10:36

 Random message

Indexes:
 By topic
 By date
 By author
 By subject
Join the Mailing List....
AccessibilityAbout / FAQ
Member's loungeContact/FeedbackOther REBOL links
Membership:
member name

password

Remember?

Not a member? Please join
30-Apr 6:49 UTC
[0.06] 8.404k
Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

[REBOL] Ann: Rugby major security update

From: koopmans::itr::ing::nl at: 4-Feb-2002 9:45


All,

The bug Romano described in his email this weekend has been fixed in Rugby
version 4.3.1

This very nasty bug would allow anyone who studied the Rugby message format
to execute aribitrary code on the server due to a 'do' instead of a 'load' in
the function that decompresses the molded message.

I urge everyone to upgrade ASAP, as using versions earlier than 4.3.1 will
make you very vulnerable.

Many thanks to Romano for exposing this bug and providing the sample code.

The new version is available at:

http://www.rebolforces.com/~erebol/download.htm

The mirror at www.vrijheid.net will be updated later.

--Maarten

[1] · 2 · 3 · 4 · 5 · 6 · 7 · 8 · 9 · 10 · See whole thread