[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] Fwd: Antwort: Openwebmail 1.71 remote root compromise
- Subject: [cobalt-users] Fwd: Antwort: Openwebmail 1.71 remote root compromise
- From: Bruce Timberlake <bruce@xxxxxxxxxx>
- Date: Mon Dec 23 10:09:00 2002
- Organization: BRTNet.org
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
FYI, for those of you who patched this morning. Probably not
relevant, given the way that usernames are set up on the RaQ, but...
- ---------- Forwarded Message ----------
Subject: Antwort: Openwebmail 1.71 remote root compromise
Date: Mon, 23 Dec 2002 01:29:50 +0100
From: "Stephan Sachweh" <Stephan.Sachweh@xxxxxxxxxx>
To: bugtraq@xxxxxxxxxxxxxxxxx
On 18.12.2002 18:37:59 Dmitry Guyvoronsky wrote:
> Software : Openwebmail (http://openwebmail.org)
> Version : ?.?? -> 1.71 (current)
> Type : Arbitrary commands execution
> Remote : yes
> Root : yes (!!!)
> Date : December 18, 2002
>
>
> IV. RECOMENDATIONS
>
> Temporary disable using of openwebmail until patch will be released
> by the vendor or fix openwebmail-shared.pl, changing
>
> - ---
> $loginname =~ s/\-session\-0.*$//; # Grab loginname from sessionid
> - ---
>
> into
>
> - ---
> $loginname =~ s/\-session\-0.*$//; # Grab loginname from sessionid
> $loginname =~ s/[\.\/\;\|\'\"\`\&]//g;
> - ---
This Fix does not work if loginname includes the internet domain name
(the dot´s disapear).
Change into:
$loginname =~ s/\-session\-0.*$//; # Grab loginname from sessionid
$loginname =~ s/[\/\;\|\'\"\`\&]//g;
$loginname =~ s/\.\.//g;
- --
Bruce Timberlake
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+B08FvLA2hUZ9kgwRAr8DAJ9Bob7cxi3BOg/kQrayRAh+nTntTwCfUTmk
DgsjWcubGsQewBOYvbsTk2w=
=ojPE
-----END PGP SIGNATURE-----