Forum OpenACS Q&A: Re: Security concerns on AOLserver/3.3.1+ad13

Collapse
Posted by Andrew Piskorski on
Larry, the vulnerabiltiy you mention was discussed here in this thread back in April. The consensus was that that particular buffer overrun was not a problem for OpenACS (as nspd is not used), but that it would be good to look for similar vulnerabilities elsewhere in the code.

AFAIK, nothing else came of that. It would also be good to check the lastest AOLserver sources , to see if nspd has been fixed, and bring it up on the AOLserver list if not. You might also be interested in Jon Griffin's recent AOLserver Security Audit thread.