shad.cc

To content | To menu | To search

Tag - gnump3d

Entries feed - Comments feed

Wednesday, October 24 2007

Gnump3d: New release is imminent.

By shad on Wednesday, October 24 2007, 17:30

Steve Kemp, gnump3d founder and current maintainer is going to release a new version of gnump3d.

This release will introduce some changes:

  • Password authentication is completely going away, due to some problems, especially discovery of a new hole which can be verified with netcat:
GET / HTTP/1.0
-> All looks good. You'll get a 403 header back.
Now try this malformed request instead:
GET /
-> Password auth bypassed :(

This hole can be explained by the home-made web server implemented.

  • "Split warning" will be removed when gnump3d is starting (index updating).
  • Some other bugs reported by mail will be fixed.

2 comments

Wednesday, June 20 2007

HTTP digest authentication for gnump3d

By shad on Wednesday, June 20 2007, 18:05

Last month, I wrote a patch for gnump3d authentication, to add support of HTTP digest authentication. This patch has been included in the last release (2.9final). At present, this release is available in some linux distributions, but not in all of them (like gentoo).

If you need this feature, you will be able to find the patch here.