From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,677618ce4674ae55 X-Google-Attributes: gid103376,public X-Google-ArrivalTime: 2003-03-13 18:30:31 PST Path: archiver1.google.com!news1.google.com!newsfeed.stanford.edu!logbridge.uoregon.edu!arclight.uoregon.edu!wn13feed!wn12feed!worldnet.att.net!204.127.198.203!attbi_feed3!attbi.com!rwcrnsc54.POSTED!not-for-mail From: tmoran@acm.org Newsgroups: comp.lang.ada Subject: Re: AdaIC opens the Ada Sites search engine References: X-Newsreader: Tom's custom newsreader Message-ID: <19bca.84036$qi4.49546@rwcrnsc54> NNTP-Posting-Host: 12.234.13.56 X-Complaints-To: abuse@attbi.com X-Trace: rwcrnsc54 1047609021 12.234.13.56 (Fri, 14 Mar 2003 02:30:21 GMT) NNTP-Posting-Date: Fri, 14 Mar 2003 02:30:21 GMT Organization: AT&T Broadband Date: Fri, 14 Mar 2003 02:30:25 GMT Xref: archiver1.google.com comp.lang.ada:35306 Date: 2003-03-14T02:30:25+00:00 List-Id: > The AdaIC search engine is created with a set of Ada applications, all > written in Ada 95. For more on the search engine and how to use it, see > http://www.adaic.com/site/search-info.html. It's interesting to compare this to the recent: > *** {03.10.020} Cross - DeleGate robots.txt overflow > > DeleGate versions prior to 8.5.0 do not properly handle large robot.txt > files, thereby allowing a malicious Web site to execute arbitrary > code on the DeleGate system. > > This vulnerability is confirmed and fixed in version 8.5.0. > > Source: SecurityFocus Bugtraq > http://archives.neohapsis.com/archives/bugtraq/2003-03/0160.html The early indexer didn't handle giant robots.txt files gracefully either. It just stopped and logged the problem however: no "arbitrary code execution" since it was written in Ada and no checks were suppressed.