[ic] IMPORTANT: Workaround for IC problem
Sun Aug 11 10:39:01 2002
There was a serious security problem found with all versions of
Interchange and Minivend. It allows reading of arbitrary files that
can be read by the Interchange/Minivend user ID.
There is a workaround that is immediately effective:
* Move or remove the "doc" directory, if it exists in the Interchange
mv INTERCHANGE_ROOT/doc INTERCHANGE_ROOT/unsafe
i.e. if your Minivend or Interchange is installed at
/usr/local/interchange, it would be:
mv /usr/local/interchange/doc /usr/local/interchange/unsafe
That immediately closes the hole. Normally the only contents of
the directory are some man pages.
There will be patched versions available soon which solve the problem
We strongly urge all Interchange and Minivend users to implement this
immediately for the safety of their systems and customer data.
In addition, we recommend that if you don't need INET mode that
you disable it. In addition it would be wise to close port 7786
on the internet side of your firewall.
Perusion -- Expert Interchange Consulting http://www.perusion.com/
phone +1.513.523.7621 <email@example.com>
Few blame themselves until they have exhausted all other possibilities.