#4 fix for security vulnerability in printsource.pl

closed
nobody
engine (3)
9
2004-10-30
2004-10-23
Oded S. Resnik
No

Our site was attacked using vulnerability in
printsource.pl.
Relevant to all Merge 3.x - 3.42 (we will have relase soon
where printsource.pl will be fixed).

printsource.pl is installed on *nix in
/usr/local/share/merge/private/perl/printsource.pl

You usualy don't need printsource.pl in production
enviroment (well you don't need the private directory).
The file is used by Merge development mode "Toolkit".

see attached patch.

You must apply patch if your server is exposed
and you need the privte directory on your server.

Discussion

  • Oded S. Resnik
    Oded S. Resnik
    2004-10-30

    • status: open --> closed
     
  • Oded S. Resnik
    Oded S. Resnik
    2004-10-30

    Logged In: YES
    user_id=481241

    As of version 3.43 - no need for this patch