Bugtraq mailing list archives
Re: squirrelmail 1.2.5 email user can execute command
From: Konstantin Riabitsev <icon () phy duke edu>
Date: 31 Mar 2002 16:21:40 -0500
On Wed, 2002-03-27 at 20:16, pokleyzz sakamaniaka wrote:
email user can append $THEME variable through cookies
This is very obscure and is limited only to valid users within your squirrelmail application (e.g. the person has to have a valid login in order to exploit this vulnerability). The problem is fixed in the current CVS and will be out with Squirrelmail-1.2.6. Here is the fix, should you want to apply it, or just wait till the next release, since this is not a high-risk vulnerability. Regards, Konstantin Riabitsev, Squirrelmail Bugmaster hotfix: --- validate.php.orig Sun Mar 31 16:15:52 2002 +++ validate.php Fri Mar 29 00:28:05 2002 @@ -61,6 +61,15 @@ * Include them down here instead of at the top so that all config * variables overwrite any passed in variables (for security). */ + +/** + * Reset the $theme() array in case a value was passed via a cookie. + * This is until theming is rewritten. + */ +global $theme; +unset($theme); +$theme=array(); + require_once('../config/config.php'); require_once('../src/load_prefs.php'); require_once('../functions/page_header.php');
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Re: squirrelmail 1.2.5 email user can execute command Konstantin Riabitsev (Apr 01)