Full Disclosure mailing list archives
New hole in W3Mail
From: Tim Brown <netsys () machine org uk>
Date: Tue, 12 Nov 2002 22:43:55 +0000 (GMT)
Hi,

The attached advisory supersedes my previous effort regarding W3Mail (NDSA20020719). It seems that in fixing the original holes, CascadeSoft introduced a new one. Their fix for the original hole was, as I suggested, to move the MIME attachments data from the web server document root. Unfortunately, the script they wrote to allow users to access the attachment does no checking about the validity of the file argument, allowing you to request any file that is readable by the web server user.

The vendor has been notified, but since they never bothered to acknowledge our contact last time, we're expecting no official response. Hopefully this time they will be able to correct the bug in less than 4 months.

Cheers,
Tim

--
Tim Brown
<mailto:netsys () machine org uk>
<http://www.machine.org.uk/>
Attachment:
NDSA20021112.txt.asc
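The check the message says is missing, validating the file argument before serving an attachment stored outside the document root, sketched as an added example (not W3Mail's code and not part of the original post). The function name, store layout and sample files are hypothetical and constructed for illustration.

```python
import os
import tempfile

class AttachmentError(Exception):
    """Raised when a requested attachment name is rejected."""

def resolve_attachment(store_dir, requested):
    """Map a user-supplied file argument to a path inside store_dir, or raise."""
    # Accept only a bare file name: no separators, NUL bytes or dot entries.
    if (not requested or "\x00" in requested or "/" in requested
            or "\\" in requested or requested in (".", "..")):
        raise AttachmentError("invalid attachment name")
    base = os.path.realpath(store_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    # realpath() follows symlinks, so a link that points outside the store
    # fails this containment check.
    if os.path.commonpath([base, candidate]) != base:
        raise AttachmentError("attachment escapes store directory")
    if not os.path.isfile(candidate):
        raise AttachmentError("no such attachment")
    return candidate

def demo():
    """Run constructed requests against a constructed store; True means served."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        store = os.path.join(root, "attachments")   # hypothetical layout
        outside = os.path.join(root, "outside.conf")
        os.mkdir(store)
        for path in (os.path.join(store, "report.txt"), outside):
            with open(path, "w") as fh:
                fh.write("constructed sample data\n")
        os.symlink(outside, os.path.join(store, "link.txt"))
        cases = {"plain": "report.txt", "parent": "../outside.conf",
                 "absolute": outside, "symlink": "link.txt",
                 "missing": "nope.txt", "empty": ""}
        for label, name in cases.items():
            try:
                resolve_attachment(store, name)
                results[label] = True
            except AttachmentError:
                results[label] = False
    return results

if __name__ == "__main__":
    print(demo())
```

Only the plain file name inside the store is served; the parent-directory, absolute-path and symlink requests are rejected before any file is opened.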