lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <86ismq8g4n.fsf@blue.stonehenge.com>
From: merlyn at stonehenge.com (Randal L. Schwartz)
Subject: Re: Gaim festival plugin exploit

>>>>> "error" == error  <error@...tinthenoise.net> writes:

error> Perhaps someone should ask:

error> "(Is s/[^\w]//g really that hard to do?!)"

Or if a shell was even needed at all to pump the data.

error> So a fixed version would look like this:

error> AIM::register("Festival TTS", "0.0.1", "goodbye", "");
error> AIM::print("Perl Says", "Loaded Festival TTS");
error> AIM::command("idle", "60000") if ($pro ne "Offline");
error> AIM::add_event_handler("event_im_recv", "synthesize");

error> sub goodbye {
error> 	AIM::print("Module Unloaded", "Unloaded Festival TTS");
error> }

error> sub synthesize {
error>     my $string = $_[0];
error>     $string =~ s/\<.*?\>//g;
error>     $string =~ s/\".*\"//;
error>     $string =~ s/[^\w]//g;
error>     system("echo \"$string\" | /usr/bin/festival --tts");

No, change this to

        open FEST, "|/usr/bin/festival -tts";
        print FEST $string;
        close FEST;

error> }

No shell needed.  No worries, mate.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@...nehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ