Eggheads: Share module security bug posting on BugTraq list

BoBjUh daro at deds.nl
Wed Feb 11 06:24:36 CST 2004


----- Original Message ----- 
From: "Tom Sutterfield" <tsutterfield at cox.net>
To: "Eggdrop Discussion List" <eggheads at eggheads.org>
Sent: Wednesday, February 11, 2004 12:29 PM
Subject: Eggheads: Share module security bug posting on BugTraq list


> I was just wondering if any of you coders had seen it, and whether it was
a
> valid
> bug, or not.
>
>
>

The origenal mail was send to bugtrug @ securityfocus and a cc of that
mail was send to the eggdev list.

A response by Guppy was.
"This patch has been applied to the latest CVS copy with the correct
credits."
There is also a patch for the problem so.

It is a valid bug but :

This bug only effects users that set allow-resync to 1.  allow-resync is set
to 0 by default with the note that using it "is not recommended," so
probably most users are not vulnerable.

So, you do not need to disable share.mod entirely, just make sure that
allow-resync is set to 0 in the *.conf file.

[quote van BarkerJr]

BoBjUh
bobjuh at vicci.invalid  Change .invalid to .nl









More information about the Eggheads mailing list