Mailing List Archive

Interchange 4.8.6 released
ICDEVGROUP announces the release of Interchange 4.8.6 as of today,
August 12, 2002. Details are at

and download is available at:

This is a mandatory update that solves a serious security problem
where an attacker can read arbitrary files on a system hosting
Interchange. Any files readable by the UID running Interchange
can be read, though they cannot be written.

If you cannot for some reason update immediately, please do
immediately implemement the workaround described in this

It is as simple as removing or renaming the "doc" directory in your
Interchange or Minivend software root directory. If you are not running
in INET mode or you have firewalled any IC INET ports, you are not
vulnerable, but it would be wise to remove that directory anyway.

RPM and Debian installs should not be vulnerable, but you should check
for the existence of that directory anyway and remove it if it is

Details about the changes made in this release of Interchange
can be found in the WHATSNEW:

Mike Heins
Perusion -- Expert Interchange Consulting
phone +1.513.523.7621 <>

Few blame themselves until they have exhausted all other possibilities.
-- anonymous