[UNIX] Hypermail SSI Vulnerability

From: support@securiteam.com
Date: 11/27/01


From: support@securiteam.com
To: list@securiteam.com
Subject: [UNIX] Hypermail SSI Vulnerability
Message-Id: <20011127220548.71FB8138BF@mail.der-keiler.de>
Date: Tue, 27 Nov 2001 23:05:48 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  Hypermail SSI Vulnerability
------------------------------------------------------------------------

SUMMARY

Hypermail <http://www.hypermail.org/> is a program that takes a file of
mail messages in UNIX mailbox format and generates a set of
cross-referenced HTML documents. A security vulnerability in the product
allows an attacker to execute arbitrary commands on servers that run
Hypermail.

DETAILS

Hypermail converts e-mails into HTML. It is generally used to
automatically create web archives of mailing lists. When e-mails are
archived, attachments that are included are archived as well. The
attachments are not modified before archival, and they are stored under
the filename contained in the e-mail.

An attacker can therefore create an arbitrary file on the web server with
an arbitrary extension. If the server supports SSI, an attacker can
include SSI commands in a file, give it the SSI extension (normally
shtml), and mail it. This will create the desired file on the server. The
attacker can then cause the server to execute those SSI commands by
requesting the attachment.

It should be noted that creation of arbitrary files on a web server
carries with it additional insecurities besides SSI and therefore even
servers that do not support SSI may be vulnerable.

Solution:
Hypermail has been patched to convert .shtml extensions to .html. As of
this writing, no further corrective action has been taken.

Servers should not allow SSI, CGI, or any other type of server-processed
content in the Hypermail directory.
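
The patch described above renames one extension; the sketch below generalizes that to an allowlist applied when an attachment is stored, so the sender's filename never decides how the web server treats the file. It is an added example, not Hypermail's code; the function names, the allowlist contents and the sample message are assumptions constructed for illustration.

```python
import os
import re
from email import message_from_string

# Assumption: extensions this archive is willing to serve as static files.
SAFE_EXTENSIONS = {".txt", ".pdf", ".png", ".jpg", ".gif", ".zip"}

def safe_attachment_name(claimed, index):
    """Build a storage name that does not trust the sender's filename."""
    # Drop any directory part the sender supplied (either separator style).
    base = os.path.basename((claimed or "").replace("\\", "/"))
    stem, ext = os.path.splitext(base)
    # Replace everything outside a small character set, dots included, so
    # "x.shtml.txt" keeps no inner extension a server could map to a handler.
    stem = re.sub(r"[^A-Za-z0-9_-]", "_", stem)[:64] or "attachment"
    # Allowlist instead of renaming one extension: unknown types become .bin.
    ext = ext.lower() if ext.lower() in SAFE_EXTENSIONS else ".bin"
    return f"{index:04d}-{stem}{ext}"

def archive_names(raw_message):
    """Return (claimed, stored) name pairs for every part carrying a filename."""
    pairs = []
    for index, part in enumerate(message_from_string(raw_message).walk()):
        claimed = part.get_filename()
        if claimed is not None:
            pairs.append((claimed, safe_attachment_name(claimed, index)))
    return pairs

# Constructed sample message; attachment bodies are placeholders.
SAMPLE = """\
Content-Type: multipart/mixed; boundary="b"

--b
Content-Type: text/plain

body
--b
Content-Type: text/plain
Content-Disposition: attachment; filename="notes.SHTML"

placeholder
--b
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="../page.shtml.txt"

placeholder
--b--
"""

if __name__ == "__main__":
    print(archive_names(SAMPLE))
```

Renaming at storage time complements, and does not replace, disabling server-side processing in the archive directory.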

ADDITIONAL INFORMATION

The information has been provided by qDefense Penetration Testing
<mailto:advisories@qdefense.com>.
