PHP script: Penguin Traceroute, Remote Command Execution
From: paul jenkins (jenkins@securityfreaks.com)Date: 03/21/02
- Previous message: Mandrake Linux Security Team: "MDKSA-2002:025 - fix for insecure default kdm configuration"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "paul jenkins" <jenkins@securityfreaks.com> To: <bugtraq@securityfocus.com> Date: Thu, 21 Mar 2002 14:16:21 -0000
/* ------------------------------ *
* --------Security Freaks------- *
* ----www.securityfreaks.com---- *
* ------------------------------ */
Info
====
Software: Penguin Traceroute
Website: http://www.linux-directory.com/scripts/traceroute.shtml
Versions: 1.0
Platforms: Linux
Vulnerability Type: Remote Command Execution
Details
=======
Penguin Traceroute is a perl script that does traceroute. This is another
script where the author forgets to parse the input for any ; | characters
and anyone user is able to execute anything he wants with the same
permitions as apache. Example: "127.0.0.1;cat /www/secure/.htpasswd"
and there goes the passwords, or if the user apache has write access
"127.0.0.1;echo I iz 1337>index.html".
Fix
===
Open up the perl script in your favorite text editor, find a line that has
"$host = $q->param('host');" Its usually the 13th line down then just add
this line "$host =~ s/[;<>\*\|'&\$!?#\(\)\[\]\{\}:'"\\]//g;" under it and
that should parse out any unwanted characters.
- Previous message: Mandrake Linux Security Team: "MDKSA-2002:025 - fix for insecure default kdm configuration"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
