Vulnerability Development mailing list archives

Re: qmailadmin SUID buffer overflow


From: "Kurt Seifried" <bugtraq () seifried org>
Date: Tue, 6 Aug 2002 02:49:06 -0600

From: "Thomas Cannon" <tcannon () noops org>

    tmpstr = getenv(QMAILADMIN_TEMPLATEDIR);

This affects up to and including 1.0.2 (the latest version).

    tmpstr = getenv(QMAILADMIN_TEMPLATEDIR);
    if (tmpstr == NULL ) tmpstr = HTMLLIBDIR;

occurs three times (twice in util.c, once in templates.c).

I'd advise simply hardcoding the string to a certain directory (if needed)
for now (or commenting it out).

Judging by the general (lack of) code quality I really wouldn't recommend
this CGI unless you make sure it's password protected to trusted
administrators via the web and not executable locally (which can be
difficult if you have interactive shell users).

Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
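
One way to apply the hardcoding advice in the message above, as an added example that is not part of the original post or of qmailadmin's code: the environment override is ignored whenever the process runs set-UID or set-GID, and is otherwise accepted only as a bounded absolute path. The macro values, `MAX_TEMPLATE_DIR` and the helpers `template_dir()` and `template_path()` are assumptions, as is the idea that the value later ends up in a fixed-size path buffer (the post does not show the copy site).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Constructed placeholder values; the post does not show the real definitions. */
#define QMAILADMIN_TEMPLATEDIR "QMAILADMIN_TEMPLATEDIR"
#define HTMLLIBDIR "/opt/example/html"
#define MAX_TEMPLATE_DIR 128 /* hypothetical bound on an accepted override */

/* True when the process holds privileges the invoking user does not (SUID/SGID). */
static int running_privileged(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Hypothetical helper: directory to load templates from. */
const char *template_dir(void)
{
    const char *env = getenv(QMAILADMIN_TEMPLATEDIR);

    if (running_privileged())
        return HTMLLIBDIR;               /* never trust the caller's environment */
    if (env == NULL || env[0] != '/')
        return HTMLLIBDIR;               /* unset, empty or relative */
    if (strlen(env) >= MAX_TEMPLATE_DIR)
        return HTMLLIBDIR;               /* oversized value is rejected, not truncated */
    if (strstr(env, "..") != NULL)
        return HTMLLIBDIR;               /* rejects any ".." sequence */
    return env;
}

/* Hypothetical helper: writes "<dir>/<name>" to out; 0 on success, -1 if rejected. */
int template_path(char *out, size_t outlen, const char *name)
{
    int n;
    if (name == NULL || name[0] == '\0' || strchr(name, '/') != NULL)
        return -1;
    n = snprintf(out, outlen, "%s/%s", template_dir(), name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0; /* truncation is an error */
}

int main(void)
{
    char path[256];
    if (template_path(path, sizeof path, "header.html") == 0) /* constructed file name */
        puts(path);
    return 0;
}
```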




