[ic] Security Problem in Interchange

Jon Jensen jon at endpoint.com
Mon Mar 29 19:43:53 EST 2004


On Mon, 29 Mar 2004, Grant wrote:

> So I am safe without the patch if I don't use
> @@[email protected]@ and [subject] at all?

At least for the particular exploit that has been discussed. It's possible 
there are other pages that use @@[email protected]@ or [subject] that could be 
vulnerable, and protecting against the unknown is what the patch is good 
for. But for a quick fix against this particular problem, yes, scrubbing 
special_pages/missing.html seems to do the trick.

Jon


More information about the interchange-users mailing list