Re: qmailadmin SUID buffer overflow

From: Kurt Seifried (bugtraqat_private)
Date: Tue Aug 06 2002 - 01:49:06 PDT

Next message: Blue Boar: "[Fwd: In regards to ... http://online.securityfocus.com/bid/5382]"

Previous message: Clemens 'Gullevek' Schwaighofer: "Re: ssh trojaned"
In reply to: Thomas Cannon: "qmailadmin SUID buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: "Thomas Cannon" <tcannonat_private>

>     tmpstr = getenv(QMAILADMIN_TEMPLATEDIR);

This affects up to and including 1.0.2 (the latest version).

    tmpstr = getenv(QMAILADMIN_TEMPLATEDIR);
    if (tmpstr == NULL ) tmpstr = HTMLLIBDIR;

occurs three times (twice in util.c, once in templates.c).

I'd advise simply hardcoding the string to a certain directory (if needed)
for now or commenting it out).

Judging by the general (lack of) code quality I really wouldn't recommend
this CGI unless you make sure it's password protected to trusted
administrators via the web and not executable locally (which can be
difficult if you have interactive shell users).

Kurt Seifried, kurtat_private
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/

Next message: Blue Boar: "[Fwd: In regards to ... http://online.securityfocus.com/bid/5382]"
Previous message: Clemens 'Gullevek' Schwaighofer: "Re: ssh trojaned"
In reply to: Thomas Cannon: "qmailadmin SUID buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 06 2002 - 08:28:06 PDT