| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 15 Oct 2003 12:17:44 -0700
From: merlyn@...nehenge.com (Randal L. Schwartz)
To: error <error@...tinthenoise.net>
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: Re: Gaim festival plugin exploit
>>>>> "error" == error <error@...tinthenoise.net> writes:
error> Perhaps someone should ask:
error> "(Is s/[^\w]//g really that hard to do?!)"
Or if a shell was even needed at all to pump the data.
error> So a fixed version would look like this:
error> AIM::register("Festival TTS", "0.0.1", "goodbye", "");
error> AIM::print("Perl Says", "Loaded Festival TTS");
error> AIM::command("idle", "60000") if ($pro ne "Offline");
error> AIM::add_event_handler("event_im_recv", "synthesize");
error> sub goodbye {
error> AIM::print("Module Unloaded", "Unloaded Festival TTS");
error> }
error> sub synthesize {
error> my $string = $_[0];
error> $string =~ s/\<.*?\>//g;
error> $string =~ s/\".*\"//;
error> $string =~ s/[^\w]//g;
error> system("echo \"$string\" | /usr/bin/festival --tts");
No, change this to
open FEST, "|/usr/bin/festival -tts";
print FEST $string;
close FEST;
error> }
No shell needed. No worries, mate.
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@...nehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists