Skip to main content.
home | support | download

Back to List Archive

WWWWAIS 2.5 security holes / replacement for WWWWAIS?

From: Prentiss Riddle <riddle(at)not-real.is.rice.edu>
Date: Thu Jan 18 2001 - 20:28:59 GMT
This isn't strictly a SWISH-E matter but there may be some legacy SWISH
users on this list to whom it would be of concern.

An anoymous poster to the Bugtraq mailing list has just announced the
discovery of numerous security holes in WWWWAIS 2.5:

        http://www.securityfocus.com/archive/1/157012

If you're still running WWWWAIS, you may want to take a look.

And now a question: does anyone know of a relatively painless WWWWAIS
replacement which is compatible with old SWISH 1.1?  It may be time to
force all of my users to upgrade to SWISH-E, but I thought I'd ask just
in case.  (Of course I'm also going to start looking for an answer by
reviewing the list of SWISH-E compatible CGI scripts at
http://sunsite.Berkeley.EDU/SWISH-E/Scripts/ , but if someone knows
already it might save me some trouble.)

Please reply privately to limit noise on the list.  Thanks.

-- Prentiss Riddle ("aprendiz de todo, maestro de nada") riddle@rice.edu
-- Webmaster, Rice University | http://is.rice.edu/~riddle | 281-924-3630
Received on Thu Jan 18 20:33:49 2001