lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 04 May 2004 19:10:00 +0200 From: Thijs Dalhuijsen <thijs@...huijsen.com> To: <omail@...il.ch> Cc: <full-disclosure@...ts.netsys.com>, <bugtraq@...urityfocus.com> Subject: remote root exec vulnerability in omail product:omail webmail version: 0.98.5 notified: now the "patch" on omail.pl still leaves the system wide open for attack, the regex to filter out " and ' doesn't help you much if your $SHELL is bash or something similar both back ticks and more arcane ways of shell expansion $(rm -rf /) are still possible fix it by replacing the regex around line 411 to something like $password = quotemeta($password); Happy patching, Thijs -- map{map{tr|10|# |;print}split//,sprintf"%.8b\n",$_} unpack'C*',unpack'u*',"5`#8<3'X`'#8^-@`<-CPP`#8V/C8`" _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists