Dailydave mailing list archives

Re: SquirrelMail GPG Plugin vuln


From: "James Matthews" <nytrokiss () gmail com>
Date: Mon, 9 Jul 2007 15:41:02 -0700

And now the person that wanted to make money is losing it because of you
people being so nosy! Sniff Sniff =)

On 7/9/07, Nicob <nicob () nicob net> wrote:

On Monday 09 July 2007 at 08:46 -0500, Charles Miller wrote:
> Also, the vulnerability Nicob pointed out was pre-auth (mine was post-
> auth).

Simply sending an email to a user using the PGP plugin was enough to
compromise the server hosting SquirrelMail. That's nice, as the webmail
URL doesn't have to be known. The server can even be unreachable from
the Internet.

That's imho more than pre-auth, as you can blindly send tons of mails to
random addresses and compromise some servers.

592 function gpg_check_sign_pgp_mime($message,$fullbodytext) {
[...]
639 //$messageSignedText = escapeshellarg($messageSignedText);
640 $messageSignedText = ereg_replace("\"", "\\\"",$messageSignedText );
[...]
661 $command = "echo -n \"$messageSignedText\" | [blablabla]

Nicob





_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave




--
http://www.goldwatches.com/watches.asp?Brand=14
http://www.jewelerslounge.com
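
Added example (not part of the original messages and not the plugin's code): the quoting pattern from lines 640 and 661 of the excerpt above, next to two safer forms. `cat` stands in for the elided rest of the pipeline, the function names are hypothetical, and the sample message body is constructed.

```php
<?php
// Added example, not the plugin's code. `cat` stands in for the elided
// "[blablabla]" part of the pipeline; all function names are hypothetical.

// Line 640's approach: backslash-escape double quotes only.
function escape_quotes_only(string $text): string {
    return str_replace('"', '\\"', $text);
}

// Line 661's shape: the text is pasted into a double-quoted shell word,
// where the shell still performs its own expansions.
function pipe_interpolated(string $text): string {
    $command = 'printf %s "' . escape_quotes_only($text) . '" | cat';
    return (string) shell_exec($command);
}

// The commented-out line 639: escapeshellarg() single-quotes the text.
// It must be used without surrounding double quotes in the command string,
// because single quotes nested inside double quotes do not stop expansion.
function pipe_shell_quoted(string $text): string {
    $command = 'printf %s ' . escapeshellarg($text) . ' | cat';
    return (string) shell_exec($command);
}

// Sturdier: keep the text out of the command line and write it to stdin.
function pipe_via_stdin(string $text): string {
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w']];
    // Array form of proc_open (PHP >= 7.4) starts the program without a shell.
    $proc = proc_open(['cat'], $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('proc_open failed');
    }
    fwrite($pipes[0], $text);
    fclose($pipes[0]);
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return (string) $out;
}

// Constructed sample: a harmless arithmetic expansion shows whether the
// shell interprets the message body or passes it through unchanged.
$body = 'He said "hi", total: $((20+22))';
foreach (['pipe_interpolated', 'pipe_shell_quoted', 'pipe_via_stdin'] as $fn) {
    printf("%-18s %s\n", $fn, $fn($body));
}
```

Only the first function returns text that differs from the input: the shell has evaluated part of the message body before the pipeline ever sees it.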