-----BEGIN PGP SIGNED MESSAGE----- =============================================================================== Security Advisory CERT-NL =============================================================================== Author/Source : Rene Ritzen Index : S-97-82 Distribution : World Page : 1 Classification: External Version: 1 Subject : Vuln. in GlimpseHTTP and WebGlimpse cgi-bin Date : 18-Nov-97 =============================================================================== By courtesy of CERT Coordination Center we received information on a vulnerability in the GlimpseHTTP and WebGlimpse cgi-bin Packages A vulnerability exists in the GlimpseHTTP web search package. A related vulnerability exists in the WebGlimpse web search package prior to version 1.5 (the latest version). These packages are popular collections of tools that provide easy-to-use interface to Glimpse, an indexing and query system, to provide a search facility on web sites. CERT-NL recommends that sites that have either of these packages installed take the steps outlined in Section 3 as soon as possible. All CERT Coordination Center advisories are mirrored by CERT-NL. The specific URL for this case is: ADVISORIES ARE REGULARLY UPDATED BY CERT COORDINATION CENTER. Therefore we advise you to check on our mirror regularly - you can automate this process using the CERT-NL notifier service. More information about the CERT-NL mirror and notifier services is contained in News items N-95-01 (notifier) and N-95-02 (CERT mirror), both present on ============================================================================== CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet is the Dutch network for educational, research and related institutes. CERT-NL is a member of the Forum of Incident Response and Security Teams (FIRST). All CERT-NL material is available under: http://www.surfnet.nl/surfnet/security/cert-nl.html ftp://ftp.surfnet.nl/surfnet/net-security In case of computer or network security problems please contact your local CERT/security-team or CERT-NL (if your institute is NOT a SURFnet customer please address the appropriate (local) CERT/security-team). CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer, i.e. UTC+0100 in winter and UTC+0200 in summer (DST). Email: cert-nl@surfnet.nl ATTENDED REGULARLY ALL DAYS Phone: +31 302 305 305 BUSINESS HOURS ONLY Fax: +31 302 305 329 BUSINESS HOURS ONLY Snailmail: SURFnet bv Attn. CERT-NL P.O. Box 19035 NL - 3501 DA UTRECHT The Netherlands NOODGEVALLEN: 06 52 87 92 82 ALTIJD BEREIKBAAR EMERGENCIES : +31 6 52 87 92 82 ATTENDED AT ALL TIMES CERT-NL'S EMERGENCY PHONENUMBER IS ONLY TO BE USED IN CASE OF EMERGENCIES: THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED* PROCEDURE FOR DEALING WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT TO CERT-NL IN AN APPROPRIATE MANNER. CERT-NL WILL THEN CONTACT YOU. ============================================================================== -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQCVAwUBNHFSMUU5nQkWIq1FAQHJswQAjzFv3EsFz+dZsTjJui+yntnv1RgvREd9 I/5fYwrg2mHkzjkSldO4pw07SFHE5FY9nu2zAdM+J5vY6OvANV8EIQZFyt6NBggJ I6or4QxeJ7tNoNS/vVEkScWwsI6TTOqXK3myVfsVvh5rnIrXmymrgurVLv2WgUdC 9Yzb+mNooi0= =Fhzc -----END PGP SIGNATURE----- -- Rene Ritzen | E-mail: R.Ritzen@cc.ruu.nl dep. of Telecommunications ACCU | Tel. : +31 30 2533785 P.O.-box 80011 | Fax : +31 30 2531633 3508 TA Utrecht | The Netherlands |