Bugtraq mailing list archives
Re: Several new CGI vulnerabilities
From: lstein () cshl org (Lincoln Stein)
Date: Tue, 10 Nov 1998 14:43:27 -0500
Gus writes:
> On Mon, 9 Nov 1998, xnec wrote:
>
> > EXPLOIT:
> > Each of these are exploitable by inputting metacharacters into the
> > recipient's email address. Each script calls something similar to:
> >
> >     open( MAIL, "|$mailprog $email" )
>
> This is one that just won't go away, and rather than try the (frankly
> quite fruitless) metachar filtering route, it might be an idea for CGI
> providing ISPs to insist on the use of perl's Mail::Sendmail module,
> which cuts out any potential pipe/metachar related bugs by communicating
> directly w/ the SMTP server.

Net::SMTP is more likely to be installed on ISP's machines.
Mail::Sendmail is a bit of an oddball.

There are also other ways to avoid the fruitless metachar search and
destroy mission. First off, why do people think they need to put the
recipient's address on the command line in the first place?

    open (MAIL,"| /usr/lib/sendmail -t -oi");
    print MAIL <<END;
    To: $mailto
    From: me (me\@nowhere.com)
    Subject: nothing much

    Hi there!
    END
    close MAIL;

And here's a general Perl technique for opening pipes without getting
the shell involved at all:

    open (MAIL,"|-") || exec '/usr/lib/sendmail','-t','-oi';
    print MAIL <<END;
    To: $mailto
    From: me (me\@nowhere.com)
    Subject: nothing much

    Hi there!
    END
    close MAIL;

Lincoln

--
========================================================================
Lincoln D. Stein                           Cold Spring Harbor Laboratory
lstein () cshl org                                Cold Spring Harbor, NY
========================================================================
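
The forking-open technique from the message above, as an added example that is not part of the original post. It goes beyond the post by rejecting CR/LF in header values (with `-t` the recipient is taken from the headers) and by reporting fork or exec failure. The helper name `send_via_pipe` is hypothetical, and `/bin/cat` stands in for sendmail so the demo runs offline.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX ();

# Hypothetical helper, not from the original post. $mailer is an argv list
# such as ['/usr/lib/sendmail', '-t', '-oi'].
sub send_via_pipe {
    my ($mailer, $to, $subject, $body) = @_;

    # With -t the recipients are read from the headers, so a CR or LF in a
    # header value could add headers or recipients. Reject, do not filter.
    for my $value ($to, $subject) {
        return 'rejected: CR/LF in header value' if $value =~ /[\r\n]/;
    }

    # If the child dies early, report it via close() instead of SIGPIPE.
    local $SIG{PIPE} = 'IGNORE';

    # Forking open: the parent gets a write handle to the child's STDIN.
    my $pid = open(my $mail, '|-');
    return "fork failed: $!" unless defined $pid;

    if ($pid == 0) {
        # Child: list-form exec with an explicit program never runs /bin/sh.
        $SIG{PIPE} = 'DEFAULT';    # do not hand the ignored signal to the mailer
        exec { $mailer->[0] } @$mailer or POSIX::_exit(127);
    }

    print {$mail} "To: $to\nSubject: $subject\n\n$body\n";
    close($mail) or return 'mailer failed, exit status ' . ($? >> 8);
    return 'sent';
}

# Constructed demo input; /bin/cat stands in for sendmail so this runs offline.
my @mailer = ('/bin/cat');
print send_via_pipe(\@mailer, 'user@example.com', 'test', 'Hi there!'), "\n";
# Shell metacharacters are plain data here: nothing parses them as a command.
print send_via_pipe(\@mailer, 'user@example.com; echo x', 'test', 'Hi!'), "\n";
# An embedded newline would otherwise smuggle in an extra header.
print send_via_pipe(\@mailer, "user\@example.com\nBcc: other\@example.com",
                    'test', 'Hi!'), "\n";
# A mailer that cannot be executed is reported, not silently ignored.
print send_via_pipe(['/nonexistent/sendmail'], 'user@example.com', 'test', 'Hi!'), "\n";
```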