next »

[iuasap]

I am using calendarscript version 3.1 for the Indiana University (IU) Adolescent Substance Abuse Prevention Program and have recently been informed by the IU webmaster of the following:

"Your web account currently has a calendaring script installed that has a known exploit.  For security reasons, we had to disable the following scripts:

/ip/iuasap/www/calendar.pl
/ip/iuasap/www/calendar_admin.pl

If you wish to continue using your current calendaring script you will need to obtain a fix or patch from the vendor/source of the calendar script."

Are you aware of the "known exploits" in question and can you recommend any fix/patches?  
Regards
Leslie Hulvershorn

[DanO]

** Are you aware of the "known exploits" in question **

Yes, Matt (CalendarScript's author) has corrected the exploits in the current version. See http://www.calendarscript.com/download/history.txt

** can you recommend any fix/patches? **

Sure, upgrade the installation (available from the download page - you'll likely have to install the 3.2 upgrade first then the 3.21 upgrade) or replace the existing files with the current 3.21 version*.

*Overwriting a current installation with with the most recent release will result in the loss of most data (for the default calendar anyway) and any modifications and settings which have been made to it.

JMO

Dan O.
Unofficial CalendarScript - Mods and Plugins site

[This message has been edited by DanO (edited November 28, 2004).]