O'Reilly Network: Insecurities in a Nutshell: Twig, Midnight Commander, and MoreDec 08, 2000, 08:53 (0 Talkback[s])
(Other stories by Noel Davis)
"Welcome to the Insecurities in a Nutshell security column, an overview of new Unix and open source security-related advisories and news. Problems this week include arbitrary code execution in Twig, new symlink attacks, a hidden control code attack on Midnight Commander, and a LANGUAGE attack on glibc."
"Twig, a popular web mail system that was once named Muppet, has a vulnerability that can lead to the execution of arbitrary code on your web server. There is a problem with the virtual hosting setup in Twig that can allow an attacker to cause a remote file to be loaded and executed. At this time there does not seem to be an official fix for this problem...."