Eggheads: Share module security bug posting on BugTraq list

Tom Sutterfield tsutterfield at cox.net
Wed Feb 11 06:34:40 CST 2004


----- Original Message ----- 
From: "BoBjUh" <daro at deds.nl>
To: "Eggdrop Discussion List" <eggheads at eggheads.org>
Sent: Wednesday, February 11, 2004 6:24 AM
Subject: Re: Eggheads: Share module security bug posting on BugTraq list


>
> ----- Original Message ----- 
> From: "Tom Sutterfield" <tsutterfield at cox.net>
> To: "Eggdrop Discussion List" <eggheads at eggheads.org>
> Sent: Wednesday, February 11, 2004 12:29 PM
> Subject: Eggheads: Share module security bug posting on BugTraq list
>
>
> > I was just wondering if any of you coders had seen it, and whether it
was
> a
> > valid
> > bug, or not.
> >
> >
> >
>
> The origenal mail was send to bugtrug @ securityfocus and a cc of that
> mail was send to the eggdev list.
>
> A response by Guppy was.
> "This patch has been applied to the latest CVS copy with the correct
> credits."
> There is also a patch for the problem so.
>
> It is a valid bug but :
>
> This bug only effects users that set allow-resync to 1.  allow-resync is
set
> to 0 by default with the note that using it "is not recommended," so
> probably most users are not vulnerable.
>
> So, you do not need to disable share.mod entirely, just make sure that
> allow-resync is set to 0 in the *.conf file.
>
> [quote van BarkerJr]
>
> BoBjUh
> bobjuh at vicci.invalid  Change .invalid to .nl

Thanks for the replies, guys. :)
That's what I've always set mine to, so it's nice to know that I'm
covered.
Thanks again. :)

Pizza_Man @ Efnet





More information about the Eggheads mailing list