Please note that this has also been fixed in 0.1.5 which has been available now for well over a week (Thanks to KF's work at Snosoft). There were many 'exploits' in version 0.1.4 due to the use of sprintf() calls through out the codebase. These have all been changed over to the safer usage of snprintf(). Certainly there may still be more exploits in the codebase as the codebase is no longer actively maintained (apart from when I receive bug/exploit reports), hence it would only be productive to use the latest release for your hunting. Furthermore, I believe there's a proceedure and protocol for disclosure of bugs/exploits, please, I would appeciate it if in future that was used. Regards. -- Paul L Daniels http://www.pldaniels.com Linux/Unix systems Internet Development ICQ#103642862,AOL:pldsoftware,Yahoo:pldaniels73 A.B.N. 19 500 721 806
