Vulnerability Development: Re: qmailadmin SUID buffer overflow

Re: qmailadmin SUID buffer overflow

From: Kurt Seifried <bugtraq_at_seifried.org>
Date: Tue, 6 Aug 2002 02:49:06 -0600

From: "Thomas Cannon" <tcannon_at_noops.org>

> tmpstr = getenv(QMAILADMIN_TEMPLATEDIR);

This affects up to and including 1.0.2 (the latest version).

    tmpstr = getenv(QMAILADMIN_TEMPLATEDIR);
    if (tmpstr == NULL ) tmpstr = HTMLLIBDIR;

occurs three times (twice in util.c, once in templates.c).

I'd advise simply hardcoding the string to a certain directory (if needed)
for now (or commenting it out).

Judging by the general (lack of) code quality I really wouldn't recommend
this CGI unless you make sure it's password protected to trusted
administrators via the web and not executable locally (which can be
difficult if you have interactive shell users).

Kurt Seifried, kurt_at_seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
Received on Aug 06 2002
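
The mitigation suggested in the message above, as an added example that is not part of the original post or of qmailadmin's code: ignore the environment when the process runs with elevated privileges, validate it otherwise, and build paths with a bounded write. The macro values, `MAX_TEMPLATE_PATH`, the helper names and the `header.html` file name are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumed values for illustration; qmailadmin sets its own at build time. */
#define HTMLLIBDIR "/usr/local/share/qmailadmin"
#define QMAILADMIN_TEMPLATEDIR "QMAILADMIN_TEMPLATEDIR"
#define MAX_TEMPLATE_PATH 256

/* Hypothetical helper: true when real and effective IDs differ (SUID/SGID). */
static int running_privileged(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Hypothetical helper: pick the template directory. The environment is
 * never consulted when privileged, and is otherwise accepted only if it is
 * an absolute path, has no ".." and leaves room for a file name. */
static const char *template_dir(int privileged)
{
    const char *env = privileged ? NULL : getenv(QMAILADMIN_TEMPLATEDIR);
    if (env == NULL || env[0] != '/' || strstr(env, "..") != NULL ||
        strlen(env) >= MAX_TEMPLATE_PATH / 2)
        return HTMLLIBDIR;
    return env;
}

/* Build "<dir>/<name>" into out. Returns 0 on success, -1 if the name
 * contains a '/' or the result would not fit in outlen bytes. */
static int template_path(char *out, size_t outlen, int privileged,
                         const char *name)
{
    if (strchr(name, '/') != NULL)
        return -1;
    int n = snprintf(out, outlen, "%s/%s", template_dir(privileged), name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char path[MAX_TEMPLATE_PATH];
    if (template_path(path, sizeof path, running_privileged(),
                      "header.html") != 0) {
        fputs("template path rejected\n", stderr);
        return 1;
    }
    puts(path);
    return 0;
}
```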
