TriNetre - Archive for March 26, 2004

(no longer updated)

« March 25, 2004 | Main | March 30, 2004 »


March 26, 2004
Vulnerability in Movable Type
[Security] @ 10:20 AM

[Update on March 27, 2004, 14:45 hrs]

The vulnerability report has been removed on request of Six Apart, the developers of Movable Type.

What happened is as follows - I had sent a bug report (to the email address contact at sixapart dot com) a week ago with details of the bug, in accordance with the Full Disclosure Policy (RFPolicy) v2.0. Couple of days later, I had sent an update to the report, again to the same address. Since I did not hear from Six Apart after a week, as laid out in the policy, I released the bug report in the open by posting it here and posting a link to the post in the "Bug Report" forum on Movable Type site.

This post was removed/moderated. The explanation given was a bit weird (to say the least). So I shot off an email to the email address mentioned in the explanation asking what exactly was the reason why the post was moderated. Benjamin Trott replied, stating that they had not received either of my bug report related emails even though the email address I sent to was valid. Since the bug report was never received by them, they had removed the post in the forum. They also requested me to remove my post in TriNetre.

Given all this, and the assurance from Ben that the bug has been fixed in MT 3, I decided to remove the content of the post.

However, if you need a patch to the vulnerability, please use the contact form and send me an email. Please indicate the URL of your MT powered weblog (so that I can be sure you are not a spammer looking for a booty).

[Update on March 27, 2004, 20:42 hrs] Hm.. I am getting too many emails. Since I am in the midst of packing up my house and shifting into another, I just don't have the time to answer to all the emails. So, I am going to give details on how to patch the codes. Edit the base_dir/lib/MT/Mail.pm (MT v 2.661) and change line number 88 from the present:

exec $sm_loc, "-t" or

to

exec $sm_loc, "-oi", "-t" or

After editing, save the file. That is it.


Link | Comments (0) |


Coffee
[Quotes] @ 10:00 AM

Coffee

Screw the French Press, we've got the Sock!

At first coffee kept me alert
Then it kept me awake
And now it keeps me alive.

- Quotes seen at a local coffee shop

Link | Comments (0) |