Home page logo

bugtraq logo Bugtraq mailing list archives

From: mattw () worldwidemart com (Matt Wright)
Date: Wed, 24 Jun 1998 21:47:13 -0400

Thanks to all of those at BugTraq who forwarded me the security hole info
on TextCounter.  Sometimes it takes those 15 messages to get my attention
as I usually don't get through all my e-mail these days (The author
apparently did send me the warning about 8 days ago, but I hadn't read it

At any rate, I've spent about half the day today updating the TextCounter
in order to plug this security hole, which was present in both the Perl
and C++ Versions.  I used a slightly different approach than the one
originally proposed in the alert message.  This new approach causes count
data files to be named slightly differently, as all non-word characters
(anything besides a-z, A-Z and 0-9) are turned into an underscore.

The new versions posted at my site come with the fixed source and a small
perl script called convert.pl which will update your data filenames from
v1.2 to v1.2.1 (or v1.3 to v1.3.1 if you use the C++ version).

I also addded some memory de-allocation to the C++ version which was
missing originally and made the same bug fix that v1.2.1 in Perl
received.  convert.pl will work with the C++ data files in the same way
as both end up with the same names.

You can obtain the fixed versions at:
    (Perl) http://www.worldwidemart.com/scripts/textcounter.shtml
    (C++)  http://www.worldwidemart.com/scripts/C++/textcounter.shtml

Another short fix, which I don't believe is nearly as good as simply
changing everything in the DOCUMENT_URI, is putting '.shtml/' into
your @invalid_uri.  It was already in mine for other reasons, so I
never noticed the attacks, though I think there are ways of getting
around that fix, so I would recommend simply downloading and installing
the new version.

It is also possible that the new naming scheme could create a few
conflicts where two pages want the same name.  There is a fairly slight
chance of this happening, but if it becomes a problem for anyone, let
me know and we'll try to find a work-around for that.

Please let me know if there are any other gaping security holes or if
this one has not been adequately fixed.


Matt Wright

********** The CGI Resource Index --> http://www.cgi-resources.com/ **********
Matt Wright,  mattw () worldwidemart com,   http://www.worldwidemart.com/mattw/
Matt's Script Archive, Free CGI scripts, http://www.worldwidemart.com/scripts/
************ CGI/Perl Cookbook -> http://www.cgi-perl.com/promo/ *************

  By Date           By Thread  

Current thread:
  • TextCounter: SECURITY HOLE PLUGGED! Matt Wright (Jun 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]