[Lxr-dev] Random file opening vulnerability in LXR
Brought to you by:
ajlittoz
Menu
▾
▴
[Lxr-dev] Random file opening vulnerability in LXR
|
From: Arne G. G. <ar...@li...> - 2003-03-10 09:20:56
|
Hi all,
I've been alerted of a vulnerability in LXR 0.3 allowing an attacker
to read random files on the hosting system as the http user.
I've implemented a stop-gap fix on the lxr.linux.no site by patching
lib/LXR/Config.pm as follows:
--- lib/LXR/Config.pm 1998/04/30 11:58:17 1.3
+++ lib/LXR/Config.pm 2003/03/10 09:13:32
@@ -155,7 +155,9 @@
sub varexpand {
my ($self, $exp) = @_;
- $exp =~ s/\$\{?(\w+)\}?/$self->{variable}->{$1}/g;
+ $exp =~ s{\$\{?(\w+)\}?}{
+ $self->{variable}->{$1} =~ /^([a-zA-Z0-9\.\-]*)$/ ? $1 : ''
+ }ge;
return($exp);
}
It looks like 0.9.2 is vulnerable, as well. Malcolm, do you want to
publish updates to the download images on the sourceforge site?
Arne.
|
