My favorite XML-RPC debugger has been taken offline because of a huge security vulnerability in Python's SimpleXMLRPCServer library:

On vulnerable XML-RPC servers, a remote attacker may be able to view or modify globals of the module(s) containing the registered instance's class(es), potentially leading to data loss or arbitrary code execution. If the registered object is a module, the danger is particularly serious. For example, if the registered module imports the os module, an attacker could invoke the os.system() function.

Comments

AFAIK fixed in both Python versions 2.3.5 (as of february 8th) and 2.4.1 (march 30).

Moreover, the ,,by hand'' fix was available since AFAIR february. So in this case it's rather a lame excuse and nothing more. ;-)

Add a Comment

These HTML tags are permitted: <p>, <b>, <i>, <a>, and <blockquote>. A comment may not include more than three links. This site is protected by reCAPTCHA (for which the Google Privacy Policy and Terms of Service apply).