Re: Openwebmail 1.71 remote root compromise
From: Stephan Sachweh (Stephan.Sachweh@pallas.com)
Date: 12/23/02
To: bugtraq@securityfocus.com
From: "Stephan Sachweh" <Stephan.Sachweh@pallas.com>
Date: Mon, 23 Dec 2002 01:29:50 +0100
On 18.12.2002 18:37:59 Dmitry Guyvoronsky wrote:
> Software : Openwebmail (http://openwebmail.org)
> Version : ?.?? -> 1.71 (current)
> Type : Arbitrary commands execution
> Remote : yes
> Root : yes (!!!)
> Date : December 18, 2002
> IV. RECOMMENDATIONS
>
> Temporarily disable use of openwebmail until a patch is released by the
> vendor
> or fix openwebmail-shared.pl, changing
>
> - ---
> $loginname =~ s/\-session\-0.*$//; # Grab loginname from sessionid
> - ---
>
> into
>
> - ---
> $loginname =~ s/\-session\-0.*$//; # Grab loginname from sessionid
> $loginname =~ s/[\.\/\;\|\'\"\`\&]//g;
> - ---
This fix does not work if loginname includes the Internet domain name (the
dots disappear).
Change into:
$loginname =~ s/\-session\-0.*$//; # Grab loginname from sessionid
$loginname =~ s/[\/\;\|\'\"\`\&]//g;
$loginname =~ s/\.\.//g;
Freundliche Gruesse / Best Regards
Stephan Sachweh
Head of Department, Security Operations
--------------------------------------------------------------------
//// pallas / A Member of the ExperTeam Group
Pallas GmbH / Emil-Figge-Str. 85 / 44227 Dortmund / Germany
Stephan.Sachweh@pallas.com / www.pallas.com
Tel +49-231-9704-221 / Fax +49-231-9704-609 / Mobile +49-173-5490754
--------------------------------------------------------------------
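
The difference between the two filters in this thread, shown as an added example that is not part of the original message or of Openwebmail's code. The session ids are constructed samples, and `validate_allowlist` with its character set is a hypothetical stricter variant that nobody in the thread proposed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Filter quoted from the advisory: the character class also strips every dot.
sub filter_advisory {
    my ($loginname) = @_;
    $loginname =~ s/\-session\-0.*$//;
    $loginname =~ s/[\.\/\;\|\'\"\`\&]//g;
    return $loginname;
}

# Filter from this reply: single dots survive, only ".." is removed.
sub filter_reply {
    my ($loginname) = @_;
    $loginname =~ s/\-session\-0.*$//;
    $loginname =~ s/[\/\;\|\'\"\`\&]//g;
    $loginname =~ s/\.\.//g;
    return $loginname;
}

# Hypothetical stricter variant (assumption, not from the thread): reject
# instead of rewriting. Assumes login names are runs of [A-Za-z0-9_-]
# joined by single "." or "@" characters.
sub validate_allowlist {
    my ($loginname) = @_;
    $loginname =~ s/\-session\-0.*$//;
    return unless $loginname =~ /\A[A-Za-z0-9_\-]+(?:[.\@][A-Za-z0-9_\-]+)*\z/;
    return $loginname;
}

# Constructed session ids (sample data, not taken from a real system).
my @samples = (
    'alice-session-0.4711',
    'alice@example.com-session-0.4711',
    '../../tmp/x-session-0.4711',
    'bob|x;y-session-0.4711',
);

for my $sid (@samples) {
    my $strict = validate_allowlist($sid);
    printf "%-34s advisory=%-18s reply=%-18s allowlist=%s\n",
        $sid, filter_advisory($sid), filter_reply($sid),
        defined $strict ? $strict : '(rejected)';
}
```

Both stripping filters rewrite the last two samples into different, syntactically valid names (`tmpx`, `bobxy`), while the allowlist variant refuses them outright.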