[ previous ] [ next ] [ threads ]
 From:  Fred Weston <fred dot weston at daytonawan dot com>
 To:  Xu Keqian <keqian at zhsoft dot org>
 Cc:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] big bug! persistence reload web interface too quickly, m0n0wall will down!
 Date:  Mon, 03 May 2004 03:19:51 -0400
Xu Keqian wrote:

>hello,KH Lau
>    this bug may be using by hostility person. It's a hidden trouble.
Let me jump in and say that this is probably not directly related to
m0n0wall. It is more likely a problem with mini_httpd or php, if it is
indeed a problem. In order for someone to exploit this problem, they
would need to have access to the webGUI. They first need to get on the
inside of your network and then they need the management password. If
PHP works the same way ASP and IIS does, then the script interpreter is
not invoked until authentication has occured.

Fred Weston
DaytonaWAN Networks, Inc.