Bugtraq mailing list archives
Re: majordomo local exploit
From: Todd.Miller () COURTESAN COM (Todd C. Miller)
Date: Wed, 29 Dec 1999 00:03:01 -0700
For those using perl 5.x, you can use sysopen() instead of the "magic" perl open() to fix this. - todd --- resend Thu Aug 19 10:12:03 1999 +++ resend+ Tue Dec 28 23:55:39 1999 @@ -58,7 +58,7 @@ if ($ARGV[0] =~ /^\@/) { $fn = shift(@ARGV); $fn =~ s/^@//; - open(AV, $fn) || die("open(AV, \"$fn\"): $!\nStopped"); + sysopen(AV, $fn, O_RDONLY) || die("sysopen(AV, \"$fn\", O_RDONLY): $!\nStopped"); undef($/); # set input field separator $av = <AV>; # read whole file into string close(AV);
Current thread:
- Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt Ussr Labs (Dec 27)
- Remote DoS/Access Attack in Internet Anywhere Mail Server(POP 3) v2.3.1 Steven Alexander (Dec 27)
- Trend Micro InterScan VirusWall SMTP bug asl () USA ALCATEL COM (Dec 27)
- L0pht Advisory: initscripts-4.48-1 RedHat Linux 6.1 Mudge (Dec 27)
- UnixWare local pis exploit Brock Tellier (Dec 27)
- Third Party Software Affected by IIS "Escape Character Parsing" V ulnerability Microsoft Product Security Response Team (Dec 28)
- majordomo local exploit Brock Tellier (Dec 28)
- $cf Security flaw Shevek (Dec 02)
- Re: majordomo local exploit Christopher Schulte (Dec 28)
- Re: majordomo local exploit Todd C. Miller (Dec 28)
- AltaVista rudi carell (Dec 29)
- Re: majordomo local exploit Taneli Huuskonen (Dec 29)
- Re: majordomo local exploit Coolio (Dec 29)
- Re: majordomo local exploit Henrik Edlund (Dec 29)
- bna,sh Loneguard (Dec 30)
- Re: majordomo local exploit Andrew Brown (Dec 30)
- Re: majordomo local exploit Henrik Nordstrom (Dec 30)
- Fix for HP-UX automountd/autofs exploit (fwd) Doug Siebert (Dec 30)
- Re: Fix for HP-UX automountd/autofs exploit (fwd) LaMont Jones (Dec 31)
- vibackup.sh Loneguard (Dec 31)