From: Konstantin Riabitsev (iconphy.duke.edu)
Date: Sun Mar 31 2002 - 15:21:40 CST

    On Wed, 2002-03-27 at 20:16, pokleyzz sakamaniaka wrote:
    > email user can append $THEME variable through
    > cookies

    This is very obscure and is limited only to valid users within your
    squirrelmail application (e.g. the person has to have a valid login in
    order to exploit this vulnerability). The problem is fixed in the
    current CVS and will be out with Squirrelmail-1.2.6. Here is the fix,
    should you want to apply it, or just wait till the next release, since
    this is not a high-risk vulnerability.

    Regards,
    Konstantin Riabitsev,
    Squirrelmail Bugmaster

    hotfix:

    --- validate.php.orig Sun Mar 31 16:15:52 2002
    +++ validate.php Fri Mar 29 00:28:05 2002
    -61,6 +61,15
     * Include them down here instead of at the top so that all config
     * variables overwrite any passed in variables (for security).
     */
    +
    +/**
    + * Reset the $theme() array in case a value was passed via a cookie.
    + * This is until theming is rewritten.
    + */
    +global $theme;
    +unset($theme);
    +$theme=array();
    +
     require_once('../config/config.php');
     require_once('../src/load_prefs.php');
     require_once('../functions/page_header.php');
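
Review bot: In the added lines `global $theme; unset($theme); $theme=array();`, the `unset()` call defeats the `global` declaration whenever this file is included from inside a function. PHP's `unset()` on a variable imported with `global` removes only the local reference, so the following `$theme=array();` would create a new local array and leave the cookie-supplied global value untouched. Dropping the `unset($theme);` line and keeping `global $theme; $theme=array();` resets the value in both file scope and function scope. The new comment also writes `$theme()` where the variable `$theme` is meant, and it could note that the block is placed ahead of the `require_once` lines that follow on purpose, so a later reordering does not move the reset below them.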
