Forum OpenACS Q&A: Response to Anyone using AOLserver < 3.4 with nsperm module?

How about a very simple suggestion to cure the problem - comment out the body code of ParseAuth:
static void
ParseAuth(Conn *connPtr, char *auth)
#if 0

This of course disables any authorisation.

If you don't use authorisation and have not planned an upgrade to a later release of AOLserver then this gives a quick fix to the security problem.

This still leaves the problem in the TCL ns_uudecode function.