Vulnerability Development mailing list archives
Re: qmailadmin SUID buffer overflow
From: "Kurt Seifried" <bugtraq () seifried org>
Date: Tue, 6 Aug 2002 02:49:06 -0600
From: "Thomas Cannon" <tcannon () noops org>
tmpstr = getenv(QMAILADMIN_TEMPLATEDIR);
This affects up to and including 1.0.2 (the latest version). tmpstr = getenv(QMAILADMIN_TEMPLATEDIR); if (tmpstr == NULL ) tmpstr = HTMLLIBDIR; occurs three times (twice in util.c, once in templates.c). I'd advise simply hardcoding the string to a certain directory (if needed) for now or commenting it out). Judging by the general (lack of) code quality I really wouldn't recommend this CGI unless you make sure it's password protected to trusted administrators via the web and not executable locally (which can be difficult if you have interactive shell users). Kurt Seifried, kurt () seifried org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/
Current thread:
- qmailadmin SUID buffer overflow Thomas Cannon (Aug 05)
- Re: qmailadmin SUID buffer overflow Kurt Seifried (Aug 06)