[Omail-devel] [Fwd: remote root exec vulnerability in omail]
Brought to you by:
swix
Menu
▾
▴
[Omail-devel] [Fwd: remote root exec vulnerability in omail]
|
From: Olivier M. <om-...@om...> - 2004-05-07 15:03:00
|
FYI, a patch would be required, but I have absolutely no time
to work on that the next hours. Carter, would you have some?
regards,
Olivier
-------- Forwarded Message --------
From: Thijs Dalhuijsen <th...@da...>
To: om...@om...
Cc: ful...@li..., bu...@se...
Subject: remote root exec vulnerability in omail
Date: Tue, 04 May 2004 19:10:00 +0200
Mailer: Microsoft-Entourage/10.0.0.1309
product:omail webmail
version: 0.98.5
notified: now
the "patch" on omail.pl still leaves the system wide open for attack,
the regex to filter out " and ' doesn't help you much if your $SHELL is bash
or something similar
both back ticks and more arcane ways of shell expansion $(rm -rf /) are
still possible
fix it by replacing the regex around line 411 to something like
$password = quotemeta($password);
Happy patching,
Thijs
--
map{map{tr|10|# |;print}split//,sprintf"%.8b\n",$_}
unpack'C*',unpack'u*',"5`#8<3'X`'#8^-@`<-CPP`#8V/C8`"
|