| Originally published: Friday, 15 October 1999 | Author: Quentin Cregan |
| Published to: news_enhance_security/Security News | Page: 1/1 [Standard view] |
OpenLink 3.2 AdvisoryA serious security hole has been found in the web configuration utility that comes with OpenLink 3.2. This hole will allow remote users to execute arbitrary code as the user id under which the web configurator is run (inherited from the request broker, oplrqb). The hole is a run-of-the-mill buffer overflow, due to lack of parameter checking when
strcpy() is used.
|
|
(this article had no body text)