Unofficial SQL-Ledger patch for CVE-2007-0667

[Chris Travers <chris () metatrontech com>]

This patch was made against SQL-Ledger 2.6.18 but just modifies a few 
lines in the redirect() function in the Form.pm.  I have decided that it 
is probably best to release the patch and then wait a while before 
releasing full disclosure.  The author of SQL-Ledger has declined to use 
this patch.

Best Wishes,
Chris Travers

diff -C3 -r sql-ledger-orig/SL/Form.pm sql-ledger/SL/Form.pm
*** sql-ledger-orig/SL/Form.pm  2007-02-05 18:20:34.000000000 -0800
--- sql-ledger/SL/Form.pm       2007-02-05 18:23:06.000000000 -0800
***************
*** 311,318 ****
  
    if ($self->{callback}) {
  
!     my ($script, $argv) = split(/\?/, $self->{callback});
!     exec ("perl", $script, $argv);
     
    } else {
      
--- 311,327 ----
  
    if ($self->{callback}) {
  
!       my ($script, $argv) = split(/\?/, $self->{callback});
!       foreach (qw/admin.pl login.pl am.pl ap.pl ar.pl bp.pl ca.pl 
!                       cp.pl ct.pl menu.pl gl.pl hr.pl ic.pl ir.pl
!                       is.pl jc.pl oe.pl pe.pl ps.pl rc.pl rp.pl/) {
!               if ($_ =~ /(?:custom_)?$script/) {
!                       exec ("perl", $script, $argv);
!               }
!       }
!       # $script not in whitelist
!       $self->error('Access Denied!')
! 
     
    } else {

Attachment: chris.vcf
Description: