Larry, the vulnerabiltiy you mention was discussed here
in this thread back in April. The consensus was that that particular buffer overrun was not a
problem for OpenACS (as nspd is not used), but that it would be good
to look for similar vulnerabilities elsewhere in the code.
AFAIK, nothing else came of that. It would also be good to check the
lastest
AOLserver sources ,
to see if nspd has been fixed, and bring it up on the AOLserver list
if not. You might also be interested in Jon Griffin's recent
AOLserver Security Audit thread.
