OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: ANNOUNCE Apache::ASP v1.95 - Security Hole Fixed
From: J C (joshuaCHAMAS.COM)
Date: Mon Jul 10 2000 - 22:38:56 CDT


ANNOUNCE Apache::ASP v1.95 - Security Hole Fixed

Apache::ASP < http://www.nodeworks.com/asp/ > had a security
hole in its ./site/eg/source.asp distribution examples file,
allowing a malicious hacker to potentially write to files in
the directory local to the source.asp example script.

The next version of Apache::ASP v1.95 going to CPAN will not
have this security hole in its example ./site/eg/source.asp
The general CHANGES for this release is below. Note that
CPAN may not have the 1.95 version for another 24 hours.

Until you have the latest examples, I would recommend
deleting
this source.asp file from any public web server that has
Apache::ASP installed on it.

The original report on a similar perl open() bug was at
ZDNet's eWeek
at
http://www.zdnet.com/eweek/stories/general/0,11011,2600258,0
0.html
where a hacking contest at openhack.com turned up a bug on
its minivend ecommerce software.

--Joshua Chamas

=item $VERSION = 1.95; $DATE="07/10/00";

 !!!!! EXAMPLES SECURITY BUG FOUND & FIXED !!!!!

 --FIXED: distribution example ./site/eg/source.asp now
parses
  out special characters of the open() call when reading
local
  files.

  This bug would allow a malicious user possible writing
  of files in the same directory as the source.asp script.
This
  writing exploit would only have effect if the web server
user
  has write permission on those files.

  Similar bug announced by openhack.org for minivend
software
  in story at:
    
http://www.zdnet.com/eweek/stories/general/0,11011,2600258,0
0.html

  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

 -$0 now set to transferred file, when using
$Server->Transfer

 -Fix for XMLSubsMatch parsing on cases with 2 or more args
passed
  to tag sub that was standalone like
    <Apps:header type="header" title="Moo" foo="moo" />