[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Antwort: Openwebmail 1.71 remote root compromise



On 18.12.2002 18:37:59 Dmitry Guyvoronsky wrote: 

> Software : Openwebmail (http://openwebmail.org)
> Version  : ?.?? -> 1.71 (current)
> Type     : Arbitrary commands execution
> Remote   : yes
> Root     : yes (!!!)
> Date     : December 18, 2002


> IV. RECOMENDATIONS
> 
> Temporary disable using of openwebmail until patch will be released by 
the 
> vendor
> or fix openwebmail-shared.pl, changing
> 
> - ---
> $loginname =~ s/\-session\-0.*$//; # Grab loginname from sessionid
> - ---
> 
> into
> 
> - ---
> $loginname =~ s/\-session\-0.*$//; # Grab loginname from sessionid
> $loginname =~ s/[\.\/\;\|\'\"\`\&]//g;
> - ---

This Fix does not work if loginname includes the internet domain name (the 
dot´s disapear).

Change into:
$loginname =~ s/\-session\-0.*$//; # Grab loginname from sessionid
$loginname =~ s/[\/\;\|\'\"\`\&]//g;
$loginname =~ s/\.\.//g;

Freundliche Gruesse / Best Regards

Stephan Sachweh
Abteilungsleiter Security Operations
--------------------------------------------------------------------
//// pallas / A Member of the ExperTeam Group
Pallas GmbH / Emil-Figge-Str. 85 / 44227 Dortmund / Germany
Stephan.Sachweh@xxxxxxxxxx / www.pallas.com
Tel +49-231-9704-221 / Fax +49-231-9704-609 / Mobile +49-173-5490754
--------------------------------------------------------------------