
Re: [cobalt-users] Fwd: Antwort: Openwebmail 1.71 remote root compromise



On Mon, 23 Dec 2002, Bruce Timberlake wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> FYI, for those of you who patched this morning.  Probably not
> relevant, given the way that usernames are set up on the RaQ, but...
>
> - ----------  Forwarded Message  ----------
>
> Subject: Antwort: Openwebmail 1.71 remote root compromise
> Date: Mon, 23 Dec 2002 01:29:50 +0100
> From: "Stephan Sachweh" <Stephan.Sachweh@xxxxxxxxxx>
> To: bugtraq@xxxxxxxxxxxxxxxxx
>
> On 18.12.2002 18:37:59 Dmitry Guyvoronsky wrote:
> > Software : Openwebmail (http://openwebmail.org)
> > Version  : ?.?? -> 1.71 (current)
> > Type     : Arbitrary commands execution
> > Remote   : yes
> > Root     : yes (!!!)
> > Date     : December 18, 2002
> >
> >
> > IV. RECOMMENDATIONS
> >
> > Temporarily disable use of openwebmail until a patch is released
> > by the vendor or fix openwebmail-shared.pl, changing
> >
> > - ---
> > $loginname =~ s/\-session\-0.*$//; # Grab loginname from sessionid
> > - ---
> >
> > into
> >
> > - ---
> > $loginname =~ s/\-session\-0.*$//; # Grab loginname from sessionid
> > $loginname =~ s/[\.\/\;\|\'\"\`\&]//g;
> > - ---
>
> This fix does not work if loginname includes the internet domain name
>  (the dots disappear).
>

Why would a username include the domain name???



> Change into:
> $loginname =~ s/\-session\-0.*$//; # Grab loginname from sessionid
> $loginname =~ s/[\/\;\|\'\"\`\&]//g;
> $loginname =~ s/\.\.//g;
>


Well, I logged into two of my servers with two different user names
and it worked?????

Gerald
--
http://frontstreetnetworks.com | http://raqware.com
Front Street Networks LLC  | Phone: +1 203-785-0699
229 Front Street, Ste. C, New Haven, CT. 06513-3203
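
Added example, not part of the original message or of Openwebmail's own code: a Perl script that runs the two filters quoted above over constructed session ids, showing that the first strips the dots from a login name containing a domain while the second removes only `..` sequences. The subroutine names, the sample ids and the `allowlist_ok` check are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Filter from the original advisory: strips every dot along with the
# shell metacharacters.
sub fix_advisory {
    my ($loginname) = @_;
    $loginname =~ s/\-session\-0.*$//;    # Grab loginname from sessionid
    $loginname =~ s/[\.\/\;\|\'\"\`\&]//g;
    return $loginname;
}

# Filter from the follow-up: keeps single dots, removes only ".." sequences.
sub fix_followup {
    my ($loginname) = @_;
    $loginname =~ s/\-session\-0.*$//;    # Grab loginname from sessionid
    $loginname =~ s/[\/\;\|\'\"\`\&]//g;
    $loginname =~ s/\.\.//g;
    return $loginname;
}

# Hypothetical stricter alternative (not from the thread): reject the name
# unless it consists only of allowlisted characters, instead of rewriting it.
sub allowlist_ok {
    my ($loginname) = @_;
    $loginname =~ s/\-session\-0.*$//;
    my $label = qr/[A-Za-z0-9_\-]+(?:\.[A-Za-z0-9_\-]+)*/;
    return ($loginname =~ /\A$label(?:\@$label)?\z/) ? 1 : 0;
}

# Constructed session ids (not taken from any real system).
my @sessionids = (
    'gerald-session-0.123456',
    'gerald@example.com-session-0.123456',
    'john.doe-session-0.123456',
    '../../x;y|z-session-0.123456',
);

printf "%-38s %-20s %-20s %s\n",
    'sessionid', 'advisory fix', 'follow-up fix', 'allowlist';
for my $sid (@sessionids) {
    printf "%-38s %-20s %-20s %s\n", $sid,
        fix_advisory($sid), fix_followup($sid),
        allowlist_ok($sid) ? 'accept' : 'reject';
}
```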