Bugtraq mailing list archives

Re: Several new CGI vulnerabilities


From: angus () INTASYS COM (Gus)
Date: Tue, 10 Nov 1998 14:44:23 +0000


On Mon, 9 Nov 1998, xnec wrote:

> EXPLOIT:
>
> Each of these is exploitable by inputting metacharacters into the
> recipient's email address.  Each script calls something similar
> to:
>
>  open( MAIL, "|$mailprog $email" )

This is one that just won't go away, and rather than try the (frankly
quite fruitless) metachar filtering route, it might be an idea for
CGI-providing ISPs to insist on the use of perl's Mail::Sendmail module,
which cuts out any potential pipe/metachar related bugs by communicating
directly w/ the SMTP server.


$LOCAL_CPAN_MIRROR/authors/id/M/MI/MIVKOVIC/Mail-Sendmail-0.74.tar.gz

See http://www.perl.com/CPAN for a list of mirror sites.


Regards
        Gus


--
                                angus () intasys com
                          http://www.intasys.com/~angus/
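
Added example, not part of the original post: the piped `open` quoted above next to a replacement built on the Mail::Sendmail module the reply recommends. The helper name `send_form_mail`, the addresses and the control-character check are assumptions made for illustration, and the module's default SMTP server is assumed to be reachable.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Mail::Sendmail;   # CPAN module named in the post; talks SMTP itself, no shell or pipe

# Pattern quoted above, kept only for contrast: the interpolated string is
# handed to the shell, so metacharacters in $email are interpreted by it.
#   open( MAIL, "|$mailprog $email" )

# Hypothetical helper: send a form notification without invoking a shell.
sub send_form_mail {
    my ($to, $subject, $body) = @_;

    # The address is plain data now, but it still ends up in a header line,
    # so refuse values carrying line breaks or other control characters.
    return (0, 'control character in recipient') if $to      =~ /[\x00-\x1f\x7f]/;
    return (0, 'control character in subject')   if $subject =~ /[\x00-\x1f\x7f]/;

    my %mail = (
        To      => $to,
        From    => 'webform@example.com',   # constructed placeholder sender
        Subject => $subject,
        Message => $body,
    );

    # sendmail() returns true on success; the module leaves details in
    # $Mail::Sendmail::log and $Mail::Sendmail::error.
    return (1, $Mail::Sendmail::log) if sendmail(%mail);
    return (0, $Mail::Sendmail::error);
}

# Constructed sample input standing in for a CGI form field.
my ($ok, $detail) = send_form_mail('user@example.com', 'Form submission', "Hello\n");
print $ok ? "sent\n" : "not sent: $detail\n";
```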


