Bavo Message Editing Insecure CGI...

Published: 2002-02-12
Revised: 2025-04-13

Bavo is a freely available, open source news reader. It is designed for use on Linux, Unix, and Microsoft operating systems. A flaw in the package's filtering of input makes it possible for a remote user to edit messages in the Bavo archive. By examining the Bavo source and learning the CGI syntax used by Bavo, a remote user may alter the contents of archived messages. This allows an unauthorized remote user to alter the contents of posted messages.

No exploit or PoC is currently available.
There are currently 0 affected product records.