Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq: Re: perl-cgi hole in UltimateBB by Infopop Corp.

Re: perl-cgi hole in UltimateBB by Infopop Corp.

From: Bill <mckinnon_at_ISIS2000.COM>
Date: Mon, 14 Feb 2000 15:33:14 -0500

"Sergei A. Golubchik" wrote:
>
> The fix is obvious. But the rule of the thumb is "do not use magic perl open".
> At least in cgi scripts. If you want to open regular file, sysopen does
> the trick as well.

Isn't open(FH, "< $variable") sufficient to stop any embedded |'s, etc
from doing anything harmful, as well?

- Bill
Received on Feb 15 2000

This message: [ Message body ]
Next message: Theo de Raadt: "Re: sshd and pop/ftponly users incorrect configuration"
Previous message: Kragen Sitaker: "Re: CGI.pm and the untrusted-URL problem"
In reply to: Sergei A. Golubchik: "perl-cgi hole in UltimateBB by Infopop Corp."
Next in thread: Andrew Danforth: "Re: perl-cgi hole in UltimateBB by Infopop Corp."
Reply: Andrew Danforth: "Re: perl-cgi hole in UltimateBB by Infopop Corp."

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]