[VulnWatch] Lam3rZ Security Advisory #3/2004: A bug in Confirm leads to remote command execution

From: Tomasz Grabowski (cadenceapollo.aci.com.pl)
Date: Mon Feb 23 2004 - 16:07:36 CST


                Lam3rZ Security Advisory #3/2004

                        23 Feb 2004

                Remote command execution in Confirm

Name: Confirm <=0.62
Severity: High
Software URL: http://freshmeat.net/projects/confirm/
Software author: David Lechnyr <davidrl/at/comcast/dot/net>
Advisory author: Mariusz Woloszyn <emsi/AT/GTS/dot/PL>
Vendor notified: Feb 6, 2004
Vendor confirmed: Feb 6, 2004
Vendor fix: Feb 9, 2004

Impact:
-------

Confirm is a simple procmail script that uses a pattern-matching
auto-whitelist to help identify unsolicited email. Forged email headers
may lead to remote command execution with the privileges of the user
running confirm (or even root, if root uses confirm).

Description:
------------

Due to insufficient filtering of user-supplied data, emails whose headers
contain shell special characters such as ", `, |, ;, $ and so on may trick
confirm and lead to command execution.
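As an added example (not code from Confirm or from the advisory author), this is the kind of allowlist check a procmail helper could apply before a header value reaches a shell command; the header name handled and the two sample messages are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not Confirm's own code. A header value is only ever passed
# on as ONE quoted argument ("$v"), never interpolated into a string handed
# to sh -c or eval, and it is refused unless every character is on an
# allowlist (letters, digits, and the address punctuation @ . _ % + < > - space).

# header_is_clean VALUE -> exit 0 if VALUE contains only allowlisted characters.
# Everything the advisory names (" ` | ; $) falls outside the list.
header_is_clean() {
    case $1 in
        *[!A-Za-z0-9@._%+\<\>\ -]*) return 1 ;;   # something sh could interpret
        *) return 0 ;;
    esac
}

# get_header NAME < message -> prints the value of the first header called
# NAME (case-insensitive). Folded continuation lines are not handled here.
get_header() {
    awk -v n="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^$/ { exit }                        # blank line ends the header block
        {
            split($0, parts, ":")
            if (tolower(parts[1]) == n) {
                sub(/^[^:]*:[ \t]*/, "")     # strip "Name:" and leading blanks
                print
                exit
            }
        }'
}

# vet_reply_to < message -> prints the Reply-To value and exits 0 when it is
# safe to use; exits 1 (and logs to stderr) otherwise.
vet_reply_to() {
    v=$(get_header Reply-To)
    if header_is_clean "$v"; then
        printf '%s\n' "$v"
        return 0
    fi
    printf 'rejected Reply-To containing non-allowlisted characters\n' >&2
    return 1
}

# Constructed sample messages (not taken from the advisory).
GOOD_MSG='From: alice@example.com
Reply-To: Alice <alice@example.com>
Subject: hello

body'
BAD_MSG='From: mallory@example.com
Reply-To: x`y`@example.com
Subject: hello

body'
```

Run it as `printf '%s' "$BAD_MSG" | vet_reply_to` to see the rejection; a procmail recipe would test the exit status before doing anything with the value.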

How to patch:
-------------

Install confirm-0.70 from:
http://hr.uoregon.edu/davidrl/confirm/confirm-0.70.tgz
Please note that significant changes have been made since the previous
version!

Regards,

--
Mariusz Woloszyn
Internet Security Specialist, GTS - Internet Partners