Bugtraq: Re: Vulnerability in Glimpse HTTP

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Vulnerability in Glimpse HTTP

From: oliverf () SILENCE SECNET COM (Oliver Friedrichs)
Date: Wed, 9 Jul 1997 13:00:07 -0600


On Tue, 8 Jul 1997, Paul Phillips wrote:

They are...

  ^ (acts as pipe under some shells)
 \n (acts as shell delimeter)
  \ (in the esc_chars version of the function, this allows \; to
     be escaped as \\;, then unescaped by shell into \; again.)

This should be somewhat distrubing as a rather fearful number of
people have read that document and only a very few have actually
noticed these oversights.  I certainly hope the majority of programmers


This is true, however in the context of this particular bug (Glimpse) this
isn't the case.  The reason for this being that open() in perl does not
honour these escape characters.

- Oliver

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
   Secure Networks Incorporated.  Calgary, Alberta, Canada, (403) 262-9211

By Date By Thread

Current thread:

Vulnerability in Glimpse HTTP Razvan Dragomirescu (Jul 02)
- Re: Vulnerability in Glimpse HTTP Brian Gentry (Jul 02)
  - Re: Vulnerability in Glimpse HTTP Jean-Christophe Touvet (Jul 03)
  - Re: Vulnerability in Glimpse HTTP Paul Phillips (Jul 08)
    - Re: Vulnerability in Glimpse HTTP Oliver Friedrichs (Jul 09)
    - CERT Vendor-Initiated Bulletin VB-97.05 - Vul in Lynx Temporary Nicolas Dubee (Jan 01)
    - Re: Vulnerability in Glimpse HTTP Martin Pool (Jul 10)
    - It's not over yet. Aleph One (Jul 11)
    - It's not over yet. Manley, Jim W (Jul 11)
    - More information about JavaScript bug Dominick Matthias PN OIL 6 (Jul 11)