-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mar 8, 2008, at 1:22 PM, Ben Klang wrote:
> The Horde team has investigated this report and found it to be
> reproducible, though not exactly as reported. The SQL example in
> the original post does prevent the themes from appearing but does
> not execute the file in question. It is unclear based on their
> limited information whether they are using a modified version of
> Horde or if there were other factors that lead to the behavior
> reported. However if a null byte can be inserted into the theme
> name (for instance when using the LDAP preference backend which
> stores preference values in Base64 encoding) it does become possible
> to cause a file to be included and executed.
I'm a bit behind in reading bugtraq but thought I'd throw this in: We
had a similar situation sometime back with Maia Mailguard, and the
null byte thing depends on the platform. It was reported on a BSD
system I think, but our Linux systems would not reproduce it.
In any case, the data should be sanitized. :)
David Morton
Maia Mailguard http://www.maiamailguard.com
mortonda_at_dgrmm.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
iD8DBQFH48xpUy30ODPkzl0RAitiAJ9zWAh79nDx/zT2V5XkKiRufXYapwCgs2Wo
fSEL3bzwgymbhgDdfeRUz6Y=
=X5gF
-----END PGP SIGNATURE-----
Received on Mar 21 2008
Intro
