2nd Aug 2002 [SBWID-5594]
COMMAND
wwwoffle remote privilege escalation
SYSTEMS AFFECTED
7.1, 7.2, 7.3, 8.0
PROBLEM
In SuSE security announcement [SuSE-SA:2002:029]:
The WWWOFFLE, World Wide Web Offline Explorer, program suite acts as an
HTTP, FTP and Finger proxy to allow users with dial-up access to the
internet to do offline WWW browsing.
The parsing code of wwwoffled that processes HTTP PUT and POST requests
fails to handle a Content-Length value smaller than -1. It is believed
that an attacker could exploit this bug to gain remote wwwrun access to
the system wwwoffled is running on.
SOLUTION
As a temporary workaround, the wwwoffle daemon can be disabled the
following way (as root):
rcwwwoffle stop
If wwwoffled is started at boot time, you have to modify your boot
scripts too.
Get the SuSE patch from [ftp://ftp.suse.com] for your platform; patches
are available.
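
The PROBLEM section above attributes the bug to a Content-Length value smaller than -1 reaching the PUT/POST parsing code. As an added example (not wwwoffle's or SuSE's code), this C function validates that header value strictly before it is used as a length; the function name, the 16 MiB cap and the sample values are assumptions of the example.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical cap for this example; a real proxy would take it from config. */
#define MAX_BODY_BYTES (16L * 1024 * 1024)

/* Strictly parse a Content-Length header value: optional spaces/tabs, then
 * one or more ASCII digits. Returns 0 and sets *out on success, -1 otherwise. */
int parse_content_length(const char *value, long *out)
{
    char *end;
    long n;
    if (value == NULL || out == NULL)
        return -1;
    while (*value == ' ' || *value == '\t')
        value++;
    /* Reject "-2", "+7", "" and "abc": strtol alone would accept a sign. */
    if (!isdigit((unsigned char)*value))
        return -1;
    errno = 0;
    n = strtol(value, &end, 10);
    if (errno == ERANGE)            /* more digits than fit in a long */
        return -1;
    while (*end == ' ' || *end == '\t')
        end++;
    if (*end != '\0')               /* trailing junk such as "12abc" */
        return -1;
    if (n > MAX_BODY_BYTES)         /* bound before any allocation or read */
        return -1;
    *out = n;
    return 0;
}

int main(void)
{
    /* Constructed sample header values, not taken from real traffic. */
    const char *samples[] = { "0", "1024", " 42 ", "-1", "-2", "+7",
                              "99999999999999999999", "12abc", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long len = 0;
        int rc = parse_content_length(samples[i], &len);
        printf("[%s] -> %s", samples[i], rc ? "rejected" : "accepted");
        if (rc == 0) printf(" (%ld bytes)", len);
        putchar('\n');
    }
    return 0;
}
```

A caller should treat a rejected header as a malformed request and answer with an error instead of falling back to a default length.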