[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

MAC : Lasso updated for security flaw.

To: uci-mac@uci.edu
Subject: MAC : Lasso updated for security flaw.
From: Andrew Laurence <atlauren@uci.edu>
Date: Mon, 18 Aug 1997 09:31:37 -0700
Delivery-date: Mon, 18 Aug 1997 09:31:52 -0700
Resent-date: Tue, 19 Aug 1997 12:36:38 -0700
Resent-from: Lyle Wiedeman <wiedeman@uci.edu>
Resent-message-id: <10738.872019398@altair.acs.uci.edu>
Resent-to: dcs@uci.edu

Description:
	A security flaw was recently discovered in the CGI application
Lasso, from BlueWorld Communications.  Lasso allows data from a FileMaker
Pro database to be published on the world wide web (WWW).  From BlueWorld's
information, "This hole allows Lasso to return files which have the creator
code of 'WWW<omega symbol>'."

Platform:
	Mac OS, WebStar-compliant web server, with Lasso.

Status:
	Lasso updates are available from Blue World Communications.
	http://www.blueworld.com/lasso/security_update.html

Authority:
	Macintouch: http://www.macintouch.com/
	Blue World Communications: http://www.blueworld.com/

UCI Resolution:
	Update your copy of Lasso immediately. Copies of the updaters for
Lasso are available from UCI's Macintosh software Archive, in the
Updaters:Lasso folder.
	OAC Macintosh Archive home page:
		http://www.oac.uci.edu/support/mac/archive.html

Office of Academic Computing               oac@uci.edu
E2130 Engineering Gateway                  (714) 824-6116
UC Irvine

Prev by Date: DCSLIB : imapd (CERT Summary CS-97.04)
Next by Date: SunOS : Security Bulletin #00151
Previous by thread: DCSLIB : imapd (CERT Summary CS-97.04)
Next by thread: SunOS : Security Bulletin #00151
Index(es):
- Date
- Thread