Vulnwatch mailing list archives
Lam3rZ Security Advisory #3/2004: A bug in Confirm leads to remote command execution
From: Tomasz Grabowski <cadence () apollo aci com pl>
Date: Mon, 23 Feb 2004 23:07:36 +0100 (CET)
Lam3rZ Security Advisory #3/2004
23 Feb 2004

Remote command execution in Confirm

Name: Confirm <=0.62
Severity: High
Software URL: http://freshmeat.net/projects/confirm/
Software author: David Lechnyr <davidrl/at/comcast/dot/net>
Advisory author: Mariusz Woloszyn <emsi/AT/GTS/dot/PL>
Vendor notified: Feb 6, 2004
Vendor confirmed: Feb 6, 2004
Vendor fix: Feb 9, 2004

Impact:
-------
Confirm is a simple procmail script that uses a pattern-matching auto-whitelist to help identify unsolicited email. Forged email headers may lead to remote command execution with the privileges of the user running confirm (or even root, if root uses confirm).

Description:
------------
Due to insufficient filtering of user-supplied data, emails whose headers contain special characters such as ", `, |, ; or $ may trick confirm and lead to command execution.

How to patch:
-------------
Install confirm-0.70 from:
http://hr.uoregon.edu/davidrl/confirm/confirm-0.70.tgz

Please note that significant changes have happened since the previous version!!!

Regards,
--
Mariusz Woloszyn
Internet Security Specialist, GTS - Internet Partners
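The advisory's root cause is header text reaching the shell unfiltered. The following is an added example, not Confirm's own code, of the allow-list check a procmail-driven shell script could apply to a header value before using it; the recipe that captures the raw From: line into the first argument is assumed.

```sh
#!/bin/sh
# Added example (not part of the Confirm project): validate a mail header
# value before a procmail recipe passes it on to the shell. Assumes the
# hypothetical recipe hands the raw "From:" value to these functions as $1.

# extract_addr: print the bare address from "Name <addr>" or a plain "addr".
extract_addr() {
    raw=$1
    case $raw in
        *"<"*">"*) addr=${raw#*"<"}; addr=${addr%%">"*} ;;
        *)         addr=$raw ;;
    esac
    # Drop surrounding blanks left over from the header.
    printf '%s\n' "$addr" | tr -d ' \t'
}

# safe_addr: return 0 only when the address consists solely of characters an
# address legitimately needs. Everything else, including the metacharacters
# named in the advisory (" ` | ; $), is rejected. An allow-list is used instead
# of a deny-list so that any character not considered here fails closed.
safe_addr() {
    case $1 in
        '')                     return 1 ;;  # empty value
        *[!A-Za-z0-9@._+-]*)    return 1 ;;  # anything outside the allow-list
        *@*.*)                  return 0 ;;  # looks like local@domain.tld
        *)                      return 1 ;;
    esac
}

# whitelist_check: print the sanitized address and return 0 when it is safe to
# use in a whitelist lookup; print nothing and return 1 otherwise.
whitelist_check() {
    a=$(extract_addr "$1") || return 1
    safe_addr "$a" || return 1
    printf '%s\n' "$a"
}
```

A recipe would call `whitelist_check` on the captured header and skip the whitelist step entirely when it returns non-zero, so the raw value never reaches a command line.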