Bugtraq mailing list archives

Re: Security problems with TWIG webmail system

From: Shaun Clowes <shaun () SECUREREALITY COM AU>
Date: Tue, 28 Nov 2000 10:17:04 +1100

Twig is a popular webmail system written in PHP,  once called Muppet.
Author: Christopher Heschong
Homepage: http://twig.screwdriver.net
Version: 2.5.1 ( latest )
Problem: The possibility of processing our own php file , can leed to
arbitrary command execution on the server as the httpd user.


I'll refrain from the usual comments about disclosure of vulnerability
information without fix details. As a short term fix try the following:

Simply add:
    unset($config);
    unset($vhosts);
at the top of config/config.inc.php3

Also add:
    unset($dbconfig);
at the top of config/dbconfig.inc.php3 for good measure.

Please note that this vulnerability is only exploitable if the URL fopen
wrappers functionality is compiled in (it is by default) and the script
isn't being run on the windows platform (Windows does not support Remote
Files functionality in include() statements).

Cheers,
Shaun Clowes
SecureReality Pty Ltd.
http://www.securereality.com.au

Current thread:

Security problems with TWIG webmail system João Gouveia (Nov 28)
- Re: Security problems with TWIG webmail system Shaun Clowes (Nov 29)
- <Possible follow-ups>
- Re: Security problems with TWIG webmail system Geoff Martin (Nov 30)