Forum OpenACS Q&A: Response to Anyone using AOLserver < 3.4 with nsperm module?

This bug opens the hole for a potential remote buffer overflow exploit.  It looks like it could be exploited regardless of whether or not you are using nsperm.  If the connection headers contain an "Authorization" header, the ParseAuth routine is run, opening up your server to a remote buffer overflow.

Anybody running version 3.3 or less should consider upgrading because of the security risk.