[VIM] Re: Vendor dispute for CAN-2005-1181 (Ariadne PHP file
include)
Stuart Moore
smoore at securityglobal.net
Mon Aug 1 23:54:05 EDT 2005
Hi,
> http://securitytracker.com/alerts/2005/Apr/1013721.html
Regarding the Ariandne file include report, we just sent mail to the
author of the original report (Fidel Costa) to ask for clarification,
just to be certain.
But it occurred to me that the problem may have been a site-specific
configuration issue. The 2.4 distribution comes with two separate
include files: "ariadne.inc-unix" and "ariadne.inc-win". The
administrator needs to manually rename one of these to "ariadne.inc", as
the installation process is largely manual. The installation RTF doc
explains this in a generic way, so it may not be clear to some
(especially those that don't read the docs!). You would think that the
system would barf if the include file was missing (i.e., not properly
renamed), but perhaps not.
We'll be deleting our Alert on this, unless Fidel Costa has some
interesting additional info.
Stuart
--
Stuart Moore
SecurityTracker.com
More information about the VIM
mailing list