Bugtraq mailing list archives
remote root exec vulnerability in omail
From: Thijs Dalhuijsen <thijs () dalhuijsen com>
Date: Tue, 04 May 2004 19:10:00 +0200
product:omail webmail version: 0.98.5 notified: now the "patch" on omail.pl still leaves the system wide open for attack, the regex to filter out " and ' doesn't help you much if your $SHELL is bash or something similar both back ticks and more arcane ways of shell expansion $(rm -rf /) are still possible fix it by replacing the regex around line 411 to something like $password = quotemeta($password); Happy patching, Thijs -- map{map{tr|10|# |;print}split//,sprintf"%.8b\n",$_} unpack'C*',unpack'u*',"5`#8<3'X`'#8^-@`<-CPP`#8V/C8`"
Current thread:
- remote root exec vulnerability in omail Thijs Dalhuijsen (May 05)