forwarded 323919 [EMAIL PROTECTED]
tag 323919 + upstream
thanks
Taco IJsselmuiden <[EMAIL PROTECTED]> reports:
The script 'http' uses '/../../../' as an exploit-pattern.
This causes things like '/dat/cjf/00/20/38/13.js' to match (which aren't
exploits).
Attached patch changes this to '/\.\./\.\./\.\./' which fixes this
problem.
Should the 3 lines below also get fixed? An (avoidable) false positive seems
unlikely, but still possible.
Willi
PS: Please CC: the bug <[EMAIL PROTECTED]> on replies. Thank you.
diff -ur logwatch-6.1.2.debian/scripts/services/http logwatch-6.1.2/scripts/services/http
--- logwatch-6.1.2.debian/scripts/services/http 2005-06-14 07:16:17.000000000 +0200
+++ logwatch-6.1.2/scripts/services/http 2005-08-19 09:54:52.209780234 +0200
@@ -250,7 +250,7 @@
#
my @exploits = (
'null',
- '/../../../',
+ '/\.\./\.\./\.\./',
'../../config.sys',
'/../../../autoexec.bat',
'/../../windows/user.dat',
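Review bot: The three entries that follow the changed line ('../../config.sys', '/../../../autoexec.bat', '/../../windows/user.dat') still contain unescaped dots, so as regexes they can match the same kind of unrelated path as the one reported, for example any request whose segments happen to be two characters long followed by "config" plus one arbitrary character plus "sys". The dots in the file names (config.sys, autoexec.bat, user.dat) are wildcards as well, not only the ones in the '..' segments. I would escape every dot in these entries in the same patch, e.g. '\.\./\.\./config\.sys', so the list is consistent. If all entries in @exploits are meant as literal strings, an alternative is to leave the list readable and quote each entry at match time with quotemeta or \Q...\E, which would also cover entries added later; that depends on how the matching code uses the list, which is not visible in this hunk.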