Slashcode
Slash Open Source Project
http://www.slashcode.com/

Title    Temporary Workaround For CVS Vulnerability
Date    Thursday December 16 2004, @03:05PM
Author    jamiemccarthy
Topic   
http://www.slashcode.com/article.pl?sid=04/12/16/204208

We've gotten a couple of questions about whether there will be a workaround for site admins who don't want to upgrade into x_2_5_* CVS but who don't want to just wait until the patch comes out next week.

For security reasons, we don't want to reveal too much of what's going on until everyone has had a chance to upgrade, but we will say that you can temporarily make your site immune to the vulnerability by removing the symlinks to search.pl and submit.pl.

I.e.:

# rm /usr/local/slash/site/yoursitename/htdocs/{search, submit}.pl

This will obviously break some functionality on your website. Whether you prefer that to upgrading, and/or to being vulnerable for the next week, is up to you.

Assuming you installed your theme with symlinks (the default), to restore those files at any time later you would run symlink-tool:

# /usr/local/slash/bin/symlink-tool -u yourvirtuser -U


© Copyright 2012 - Me, All Rights Reserved

printed from Slashcode, Temporary Workaround For CVS Vulnerability on 2012-02-07 00:14:54