Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

[REBOL] Ann: Rugby major security update

From: koopmans::itr::ing::nl at: 4-Feb-2002 9:45

All, The bug Romano described in his email this weekend has been fixed in Rugby version 4.3.1 This very nasty bug would allow anyone who studied the Rugby message format to execute aribitrary code on the server due to a 'do' instead of a 'load' in the function that decompresses the molded message. I urge everyone to upgrade ASAP, as using versions earlier than 4.3.1 will make you very vulnerable. Many thanks to Romano for exposing this bug and providing the sample code. The new version is available at: http://www.rebolforces.com/~erebol/download.htm The mirror at www.vrijheid.net will be updated later. --Maarten