From: Stefan Esser (stefan.esser sektioneins.de)
Date: Mon Jul 09 2007 - 02:26:56 CDT
> Version 2.1 of the SquirrelMail GPG Plugin was published yesterday. It
> blocks an attack vector I found after your mail while quickly grep'ing
> for dangerous PHP calls.
Version 2.1 of the plugin contains several more shell command execution
vulnerabilities and the vendor is aware of this.
And yes, grepping for a few dangerous PHP calls is not that hard and you
will sooner or later find these bugs. However, to quote Halvar:
"Auditing is not supergrep."
The real challenge with the SquirrelMail GPG Plugin vulnerabilities is not
to find them after you got a hint that they exist. The challenge is to find
out that (and how) you can launch them (at least some of them) PRE-AUTH.
I really wonder if the auctioned bug is pre-auth or post-auth. I guess the
latter because otherwise they would have mentioned it.
> Giving out so much information was really stupid ...
Isn't that always the point when you sell a vulnerability in an open source
software? If I want to sell you a lighttpd remote exploit and you trust me
then you know that such a thing exists and you will most probably invest
more time in finding it yourself. The knowledge that something exploitable
really exists is a good motivation to find it.
Stefan
_______________________________________________
Dailydave mailing list
Dailydave
lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave