Gossamer Forum

Security vulnerabilities in 2.05?

Are there any known security vulnerabilities in DBMAN 2.05? I just ran across a DBMAN "review" which said there were some vulnerabilities but the fixes had to be downloaded from third-party web sites. I'm trying to sort this out to make sure I'm not at unnecessary risk.

Re: [acravens] Security vulnerabilities in 2.05?
It'd be interesting to see what the review said... Here is what I have in my notes from a while back - this is the only "fix" I've been aware of for any of the 2.04 & 2.05 versions:

This was originally a post from Alex....

Quote:

I will update DBMan and Links 2.0 in the next 10 minutes or so fixing that issue, and a minor one brought to my attention from Blackwatch Labs -- passing in an invalid config file name can give viewers insight into your system setup as it shows the environment variables. By default you won't get a full error message unless db_debug is turned on.

For those of you who have modified it a lot, it is a quick fix, in sub query replace:

$regexp_func[$field] = eval "sub { m/$tmpreg/o; }";

with:

$regexp_func[$field] = eval 'sub { m/$tmpreg/o; }';
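
Why the quote style in that one-line fix matters, shown as an added Perl example (not code from DBMan or from the posts above). The helper names, the `$INJECTED` marker and both sample patterns are constructed for illustration, and the example assumes `$tmpreg` holds text taken from a search request.

```perl
#!/usr/bin/perl
use strict;
use warnings;

our $INJECTED = 0;    # benign marker: set only if pattern text runs as Perl code

# Original line: the double-quoted string interpolates $tmpreg into the
# source text *before* eval compiles it, so the pattern becomes Perl code.
sub build_interpolated {
    my ($tmpreg) = @_;
    return eval "sub { m/$tmpreg/o; }";
}

# Fixed line: the single-quoted string reaches eval unchanged, so $tmpreg
# stays a variable inside the regex and its contents are only ever a pattern.
sub build_literal {
    my ($tmpreg) = @_;
    return eval 'sub { m/$tmpreg/o; }';
}

# Constructed sample inputs (not taken from the thread).
my @patterns = (
    'foo',                             # ordinary search term
    'x/; $main::INJECTED = 1; m/x',    # closes the regex early in the old form
);

for my $pattern (@patterns) {
    for my $case ( [ 'double-quoted', \&build_interpolated ],
                   [ 'single-quoted', \&build_literal ] ) {
        my ( $label, $builder ) = @$case;
        $INJECTED = 0;
        my $matcher = $builder->($pattern);    # undef if the eval failed to compile
        if ($matcher) {
            local $_ = 'foo bar';              # record text the matcher is run against
            eval { $matcher->(); 1 } or warn "match failed: $@";
        }
        printf "%-14s pattern=%-32s pattern text ran as code: %s\n",
            $label, "[$pattern]", $INJECTED ? 'YES' : 'no';
    }
}
```

Only the double-quoted builder sets the marker for the second pattern; the single-quoted builder treats the same text as a regular expression and nothing else.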

Re: [Watts] Security vulnerabilities in 2.05?
Thanks for the info. I will modify my source today. I'll find that review and send a link to it.