Bugtraq archives for 4th quarter (Oct-Dec) 1998: Re: Several new CGI vulnerabilities

Re: Several new CGI vulnerabilities

Gus (angusINTASYS.COM)
Tue, 10 Nov 1998 14:44:23 +0000

On Mon, 9 Nov 1998, xnec wrote:
>
> EXPLOIT:
>
> Each of these is exploitable by inputting metacharacters into the
> recipient's email address.  Each script calls something similar
> to:
>
>  open( MAIL, "|$mailprog $email" )

This is one that just won't go away, and rather than try the (frankly
quite fruitless) metachar filtering route, it might be an idea for
CGI-providing ISPs to insist on the use of Perl's Mail::Sendmail module,
which cuts out any potential pipe/metachar related bugs by communicating
directly w/ the SMTP server.


$LOCAL_CPAN_MIRROR/authors/id/M/MI/MIVKOVIC/Mail-Sendmail-0.74.tar.gz

See http://www.perl.com/CPAN for a list of mirror sites.


Regards
        Gus


--
                                angusintasys.com
                          http://www.intasys.com/~angus/
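
The replacement suggested in the reply above, as an added example that is not part of the original post or of any of the affected scripts: the form value is handed to Mail::Sendmail as data instead of being interpolated into a shell pipeline. The sender address, subject, sample input and the `build_mail` helper are assumptions made for illustration, and the script expects an SMTP server reachable under the module's default configuration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Mail::Sendmail;    # CPAN module named in the post

# Recipient as a CGI script would receive it from a form field.
# Constructed sample input containing a shell metacharacter.
my $email = 'user@example.com; echo INJECTED';

# Pattern quoted in the advisory (left commented out on purpose):
#   open( MAIL, "|$mailprog $email" )
# The one-string pipe form is run through /bin/sh, so the shell would treat
# ';' as a command separator and execute whatever follows it.

# Hypothetical helper: builds the hash that sendmail() expects.
# No shell or pipe is involved, so metacharacters have no special meaning.
# CR/LF is still refused here because the value ends up in a mail header
# (an extra check added in this example, not something the post asks for).
sub build_mail {
    my ($to, $body) = @_;
    return if !defined $to || $to =~ /[\r\n]/;
    return (
        To      => $to,
        From    => 'webform@example.com',    # assumed sender address
        Subject => 'Form submission',        # assumed subject
        Message => $body,
    );
}

my %mail = build_mail($email, "Thank you for your message.\n")
    or die "recipient rejected: embedded line break\n";

# sendmail() speaks SMTP to the configured server itself. A malformed
# recipient is refused by the module or by the server; it never reaches
# a command line.
if (sendmail(%mail)) {
    print "sent\n$Mail::Sendmail::log\n";
} else {
    print "not sent: $Mail::Sendmail::error\n";
}
```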