From: Joseph F. R. <rya...@os...> - 2001-11-20 15:40:22
Regarding search.pl:

>* Arbitrary command execution in search.pl if filenames
> ending in "|" can be created.

1.) I will add something to the wanted function to parse out filenames ending in |.

[SNIP]

>search
>======
>
>Interpolates user input into pattern matches without \Q \E,
>leading to a CPU-bound DoS.

2.) I haven't gotten to this part of the script yet (been busy with midterms), but thanks for pointing it out.

>Shell metacharacters in filenames could lead to arbitrary
>command execution while FILE is opened.

3.) See 1.

>Interpolates user input into output HTML with no checking.

4.) I'm going to fix that up completely, but you have a valid point

[SNIP]

Regarding countdown.pl:

>countdown
>=========
>
>User input passed unchecked to strftime. I was able to segfault
>perl 5.00503 in libc under linux by passing negative numbers to
>strftime, so some sort of sanity check is probably in order.

1.) Woopsy. Will do. Thanks.

>The line
>
> foreach (reverse 0 .. $#from_date)
>allows an attacker to choose the number of goes around this loop.
>No obvious impact.

2.) I'm not sure what you mean here :)
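
The three search.pl points raised in this message, sketched as an added example that is not part of the original thread or of search.pl itself: three-argument open, `\Q...\E` quoting and HTML escaping of output. The helper names, file names and search term are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Find;
use File::Temp qw(tempdir);

# Escape the HTML-significant characters before echoing any untrusted string.
sub html_escape {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Return the files under $dir that contain the literal string $term.
sub search_tree {
    my ($dir, $term) = @_;
    my @hits;
    find({ no_chdir => 1, wanted => sub {
        my $path = $File::Find::name;
        return unless -f $path;
        # Three-argument open: the mode is fixed, so a trailing "|" or any
        # shell metacharacter in the name is only ever part of a file name.
        open(my $fh, '<', $path) or return;
        while (my $line = <$fh>) {
            # \Q...\E quotes regex metacharacters, so the term is matched as
            # plain text and cannot supply its own quantifiers or groups.
            if ($line =~ /\Q$term\E/) { push @hits, $path; last; }
        }
        close $fh;
    } }, $dir);
    return sort @hits;
}

# Constructed sample data: an ordinary file and one with an awkward name.
my $dir = tempdir(CLEANUP => 1);
for my $name ('notes.txt', 'odd <b>name|') {
    open(my $out, '>', "$dir/$name") or die "create $name: $!";
    print {$out} "price is (a+)+\$ today\n";
    close $out;
}

my $term  = '(a+)+$';   # constructed input: regex syntax, searched for literally
my @found = search_tree($dir, $term);
print "<p>Results for ", html_escape($term), ": ", scalar(@found), "</p>\n";
print "<li>", html_escape($_), "</li>\n" for @found;
```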