|
Vulnerability TclPro Debugger Affected TclPro Debugger beta release 1 & 2 Description The 1.0 beta 1 & 1.0 beta 2 releases of the TclPro Debugger contain a security hole. A bug in those releases makes the debugger vulnerable to malicious attacks on the port the debugger listens on for connections with Tcl applications. This was reported by Ray Johnson. Solution It is suggested that if you are currently using either TclPro Debugger beta 1 or beta 2 that you stop using it and download the beta 3 version of TclPro Debugger. The beta 3 release contains no known security related bugs. As with any beta software, we recommend that you never run the debugger as root or on machines that are critical to your environment.