Bugtraq mailing list archives
Re: Security problems with TWIG webmail system
From: Geoff Martin <geoff () BROCKU CA>
Date: Wed, 29 Nov 2000 15:05:40 -0000
Twig is a popular webmail system written in
PHP, once called Muppet.
Author: Christopher Heschong Homepage: http://twig.screwdriver.net Version: 2.5.1 ( latest ) Problem: The possibility of processing our own
php file , can leed to
arbitrary command execution on the server as
the httpd user.
I'll refrain from the usual comments about
disclosure of vulnerability
information without fix details. As a short term
fix try the following:
Simply add: unset($config); unset($vhosts); at the top of config/config.inc.php3 Also add: unset($dbconfig); at the top of config/dbconfig.inc.php3 for good
measure.
Please note that this vulnerability is only
exploitable if the URL fopen
wrappers functionality is compiled in (it is by
default) and the script
isn't being run on the windows platform (Windows
does not support Remote
Files functionality in include() statements).
Another option... in index.php3, replace the line: if( $vhosts[$SERVER_NAME] ) with: if( $vhosts[$SERVER_NAME] && !isset($HTTP_GET_VARS[vhosts]) ) This essentially checks to make sure that the vhosts element was defined locally (in config/config.inc.php3), not in the URL. --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Geoffrey W. Martin Unix Support Group System Administrator Brock University St. Catharines, Ontario geoff () spartan ac BrockU CA Canada =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Current thread:
- Security problems with TWIG webmail system João Gouveia (Nov 28)
- Re: Security problems with TWIG webmail system Shaun Clowes (Nov 29)
- <Possible follow-ups>
- Re: Security problems with TWIG webmail system Geoff Martin (Nov 30)