Bugtraq mailing list archives
Re: Openwebmail 1.71 remote root compromise
From: "Stephan Sachweh" <Stephan.Sachweh () pallas com>
Date: Mon, 23 Dec 2002 01:29:50 +0100
On 18.12.2002 18:37:59 Dmitry Guyvoronsky wrote:
Software : Openwebmail (http://openwebmail.org)
Version  : ?.?? -> 1.71 (current)
Type     : Arbitrary commands execution
Remote   : yes
Root     : yes (!!!)
Date     : December 18, 2002
IV. RECOMMENDATIONS

Temporarily disable use of openwebmail until a patch is released by the
vendor, or fix openwebmail-shared.pl, changing

---
$loginname =~ s/\-session\-0.*$//; # Grab loginname from sessionid
---

into

---
$loginname =~ s/\-session\-0.*$//; # Grab loginname from sessionid
$loginname =~ s/[\.\/\;\|\'\"\`\&]//g;
---
This fix does not work if the loginname includes the internet domain name (the dots disappear). Change into:

$loginname =~ s/\-session\-0.*$//; # Grab loginname from sessionid
$loginname =~ s/[\/\;\|\'\"\`\&]//g;
$loginname =~ s/\.\.//g;

Kind regards / Best Regards

Stephan Sachweh
Head of Security Operations
--------------------------------------------------------------------
//// pallas / A Member of the ExperTeam Group
Pallas GmbH / Emil-Figge-Str. 85 / 44227 Dortmund / Germany
Stephan.Sachweh () pallas com / www.pallas.com
Tel +49-231-9704-221 / Fax +49-231-9704-609 / Mobile +49-173-5490754
--------------------------------------------------------------------
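The difference between the two filters in this thread is easiest to see by running both over the same session ids. The script below is an added illustration, not Openwebmail's code and not part of either message: it wraps the advisory's filter and the reply's filter in two functions and feeds them constructed session ids. The "-session-0.nnn" suffix is only what the quoted regex expects; the real Openwebmail session id layout is not reproduced here.

```perl
#!/usr/bin/perl
# Added illustration (not Openwebmail's own code): compare the two
# loginname filters from the thread on constructed sample session ids.
use strict;
use warnings;

# Advisory's proposed filter. It also strips '.', so a loginname that
# carries a domain part loses its dots.
sub filter_advisory {
    my ($sessionid) = @_;
    my $loginname = $sessionid;
    $loginname =~ s/\-session\-0.*$//;      # Grab loginname from sessionid
    $loginname =~ s/[\.\/\;\|\'\"\`\&]//g;  # drop dots and shell metacharacters
    return $loginname;
}

# Reply's variant: keep single dots, drop the shell metacharacters and
# then remove any ".." so a traversal component cannot survive.
sub filter_reply {
    my ($sessionid) = @_;
    my $loginname = $sessionid;
    $loginname =~ s/\-session\-0.*$//;      # Grab loginname from sessionid
    $loginname =~ s/[\/\;\|\'\"\`\&]//g;    # drop '/' and shell metacharacters
    $loginname =~ s/\.\.//g;                # drop ".."
    return $loginname;
}

# Constructed sample session ids (hypothetical values, not real sessions).
my @samples = (
    'john.doe@example.com-session-0.123456',  # domain-qualified loginname
    'alice-session-0.654321',                 # plain loginname
    '../../etc/passwd-session-0.1',           # path traversal attempt
    'bob;id-session-0.1',                     # shell metacharacter
);

printf "%-40s %-22s %-22s\n", 'session id', 'advisory filter', 'reply filter';
for my $sid (@samples) {
    printf "%-40s %-22s %-22s\n", $sid, filter_advisory($sid), filter_reply($sid);
}
```

Run it with `perl` and compare the two columns: the domain-qualified name keeps its dots only under the reply's filter, while the traversal and metacharacter samples come out without `/`, `;` or `..` under both. Because `s/\.\.//g` is applied after `/` has already been removed, a run of dots of any length collapses to at most one dot, so no new `..` can be formed by the removal itself.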