There are some important errors in this post that appear to stem from
incomplete editing of a previous advisory for an unrelated product,
webnews (CVE-2006-5100).
The subject line says 1.4, but the version referenced at the end of
the post is 1.2.3, which is dated October 2, 2006; so there doesn't
appear to be any 1.4.
The subject line also mentions WN_BASEDIR, but the demonstration
exploit uses includeDir instead.
There are some important errors in this post that appear to stem from
incomplete editing of a previous advisory for an unrelated product,
webnews (CVE-2006-5100).
The subject line says 1.4, but the version referenced at the end of
the post is 1.2.3, which is dated October 2, 2006; so there doesn't
appear to be any 1.4.
The subject line also mentions WN_BASEDIR, but the demonstration
exploit uses includeDir instead.
- Steve
[ reply ]