Date: Mon, 23 Feb 2004 22:14:45 +0100 (CET)
From: Mariusz Woloszyn <emsi@...rtners.pl>
To: bugtraq@...urityfocus.com
Subject: Lam3rZ Security Advisory #3/2004: A bug in Confirm leads to remote
 command execution



		Lam3rZ Security Advisory #3/2004

			23 Feb 2004

		Remote command execution in Confirm

Name:			Confirm <=0.62
Severity:		High
Software URL:		http://freshmeat.net/projects/confirm/
Software author:	David Lechnyr <davidrl/at/comcast/dot/net>
Advisory author:	Mariusz Woloszyn <emsi/AT/GTS/dot/PL>
Vendor notified:	Feb 6, 2004
Vendor confirmed:	Feb 6, 2004
Vendor fix:		Feb 9, 2004


Impact:
-------

Confirm is a simple procmail script that uses a pattern-matching
auto-whitelist to help identify unsolicited email.
Forged email headers may lead to remote command execution with the user's
(or even root's, if root uses Confirm) privileges.


Description:
------------

Due to insufficient filtering of user-supplied data, emails whose headers
contain special characters such as ", `, |, ;, $ and so on may trick Confirm
and lead to command execution.


How to patch:
-------------

Install confirm-0.70 from:
http://hr.uoregon.edu/davidrl/confirm/confirm-0.70.tgz
Please note that significant changes have happened since the previous
version!!!


Regards,

-- 
Mariusz Wołoszyn
Internet Security Specialist, GTS - Internet Partners
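
The class of bug described above, shown from the defensive side as an added example (this is not Confirm's code, which the advisory does not reproduce): a POSIX shell filter that validates a header-derived address against a character allowlist and only then uses it, as a quoted argument, in a whitelist lookup. The function names, the "Name <addr>" From: format and the one-address-per-line whitelist file are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not Confirm's code: treat header data as untrusted input.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below byte-exact

# Constructed sample headers: one ordinary, one carrying shell metacharacters.
GOOD_HDR='From: Alice Example <alice@example.org>'
BAD_HDR='From: "x" <user`id`;|$HOME@example.org>'

# Print the address between <...> of a From: line. The header is passed as a
# quoted argument and only ever handled as data (no eval, no backticks).
extract_addr() {
    printf '%s\n' "$1" | sed -n 's/^From:.*<\([^<>]*\)>[[:space:]]*$/\1/p'
}

# Allowlist check: succeed only for a plain user@host.tld made of known-safe
# characters. Empty values, a leading "-" (option injection) and anything
# containing quotes, backticks, |, ;, $, spaces etc. are refused.
is_safe_addr() {
    case $1 in
        ''|-*|*@*@*|*[!A-Za-z0-9._%+@-]*) return 1 ;;
    esac
    case $1 in
        ?*@?*.?*) return 0 ;;
        *)        return 1 ;;
    esac
}

# check_sender HEADER WHITELIST_FILE (one address per line; assumed format)
# returns 0 = listed, 1 = not listed, 2 = rejected as malformed/unsafe.
check_sender() {
    addr=$(extract_addr "$1")
    is_safe_addr "$addr" || return 2
    # Fixed-string, whole-line match; "--" ends option parsing.
    grep -Fxq -- "$addr" "$2" || return 1
    return 0
}
```

Rejecting on an allowlist rather than stripping the listed characters means a metacharacter nobody thought to enumerate is refused as well.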

