Re: Vulnerability in websendmail
Randal Schwartz (merlyn@STONEHENGE.COM)
Tue, 8 Jul 1997 07:11:27 -0700
- Next message: Warner Losh: "Re: Buffer overflow in "lpr""
- Previous message: Aleph One: "Alert: Utility allows any user to become a member of local Admini"
- In reply to: Razvan Dragomirescu: "Vulnerability in websendmail"
>>>>> "Razvan" == Razvan Dragomirescu <drazvan@kappa.ro> writes:

Razvan> As many other cgi-bin programs, this one does not check for special
Razvan> characters in the user input.

Razvan> Here's what it does:
Razvan> (...)
Razvan> $cmd="| $MAILBIN $VAR_receiver";
Razvan> open (PIPEOUT, $cmd);

It really amazes me how many newbie Perl hackers:

(1) ignore the CGI Security FAQ (especially the parts about perl), or

(2) roll their own mail sending stuff, instead of using Net::SMTP or
the more powerful Mail::Tools package, both found in the CPAN.

On second thought, maybe it's not amazing. :-)

--
Name: Randal L. Schwartz / Stonehenge Consulting Services (503)777-0095
Keywords: Perl training, UNIX[tm] consulting, video production, skiing, flying
Email: <merlyn@stonehenge.com> Snail: (Call) PGP-Key: (finger merlyn@ora.com)
Web: <A HREF="http://www.stonehenge.com/merlyn/">My Home Page!</A>
Quote: "I'm telling you, if I could have five lines in my .sig, I would!" -- me
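The two-argument `open (PIPEOUT, "| $MAILBIN $VAR_receiver")` quoted above hands the whole string to /bin/sh, so any shell metacharacter in the recipient field becomes part of the command line. The script below is an added example, not code from the original post or from websendmail: it contrasts that pattern with a validated recipient and the list form of `open`, which execs the mailer directly without a shell. `/bin/echo` stands in for `$MAILBIN` (an assumption, so it runs offline and merely prints the argv the mailer would receive); the address regex is likewise this example's own choice, deliberately stricter than RFC 822.

```perl
#!/usr/bin/perl
# Added example (not from the original report): unsafe vs. safe piping of
# user-controlled input into a mailer. $MAILBIN is assumed to be a
# sendmail-compatible binary; /bin/echo is substituted so the script runs
# offline and prints the argv the mailer would have been given.
use strict;
use warnings;

my $MAILBIN = '/bin/echo';   # stand-in for the real mailer path (assumption)

# Accept only a plain local-part@domain address. The anchored character
# classes admit no whitespace or shell metacharacters, and the first
# character may not be '-', which a mailer could parse as an option.
sub safe_recipient {
    my ($input) = @_;
    return unless defined $input;
    return $1 if $input =~ /\A([A-Za-z0-9._+][A-Za-z0-9._+-]*@[A-Za-z0-9.-]+\.[A-Za-z]{2,})\z/;
    return;
}

# The pattern from the report: a single command string passed to the
# two-argument open goes through /bin/sh, so metacharacters in $receiver
# are interpreted. Defined for comparison only; never called below.
sub send_mail_unsafe {
    my ($receiver, $body) = @_;
    my $cmd = "| $MAILBIN $receiver";
    open(my $pipe, $cmd) or die "open: $!";
    print {$pipe} $body;
    close $pipe;
}

# Hardened form: validate first, then use the list form of open. With more
# than one element after '|-' Perl execs the program directly, one argv
# entry per list item, and no shell is involved.
sub send_mail_safe {
    my ($receiver, $body) = @_;
    my $addr = safe_recipient($receiver)
        or die "rejected recipient: " . (defined $receiver ? $receiver : '<undef>') . "\n";
    open(my $pipe, '|-', $MAILBIN, $addr) or die "open: $!";
    print {$pipe} $body;
    close $pipe or die "mailer exited with status " . ($? >> 8) . "\n";
}

# Constructed inputs: one clean address, one carrying shell metacharacters.
my @inputs = ('alice@example.com', 'bob@example.com; echo oops');
for my $in (@inputs) {
    my $v = safe_recipient($in);
    printf "%-30s => %s\n", $in, defined $v ? "accepted ($v)" : "rejected";
}

send_mail_safe('alice@example.com', "Subject: test\n\nhello\n");
eval { send_mail_safe('bob@example.com; echo oops', "hi\n") };
print "safe path refused tainted input: $@" if $@;
```

Running it prints the first address as accepted and the second as rejected, and the `/bin/echo` stand-in shows the mailer receiving exactly one argument. Running a CGI under `perl -T` would make the missing validation a hard error rather than a latent hole, since tainted data cannot reach `open` at all until it has passed through a regex capture like the one in `safe_recipient`; and, as the post says, Net::SMTP sidesteps the problem entirely by never spawning a process.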