hello all,
i saw a post on Bugtraq about a squirrelmail exploit. It's long and
excessively rhetorical though, and I don't use squirrelmail, so i
haven't been able to test to see if the exploit is real. But for you
who do use squirrelmail, you might want to monitor the issue and
maybe perform the workaround until a fix comes around. The
Common Vulnerabilities and Exposures (CVE) candidate
standard name is:
CAN-2003-0990 - Squirrelmail input validation flaw
and the exploit is supposed to be trivial to test, i.e.:

    This particular example is within the GPG subsystem of
    Squirrelmail, often installed by security "experts" who in
    actuality have the information security knowledge of cat
    food.

    Adding a ";command;" to the To: line of a newly created e-mail
    and then clicking "encrypt now" will execute the command as
    the Apache user on recent versions of Squirrelmail, including
    the current CVS version. Example:

    To: ;echo "YO, dudes. Static analysis ain't rocket science."
    >> /tmp/message; <click encrypt now to execute!>

you see what i mean about excessively rhetorical :). maybe
someone on the list could test this on their squirrelmail installation
and post whether the exploit really exists. if it does, then people
should disable their GPG plugins until the bug is fixed and
they've updated.
Merry Christmas.
tiger
--
Gerald Timothy Quimpo gquimpo*hotmail.com tiger*sni*ph
http://bopolissimus.sni.ph
Public Key: "gpg --keyserver pgp.mit.edu --recv-keys 672F4C78"
Using the Back button in IE is dangerous.
http://online.securityfocus.com/archive/1/267561
Pressing CTRL in IE is dangerous.
http://online.securityfocus.com/archive/1/283866
--
Philippine Linux Users' Group (PLUG) Mailing List
[EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph
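
The behaviour quoted in the post above (a ";command;" in the To: line being executed) is what happens when a recipient value is pasted into a shell command string. The sketch below is an added example, not part of the original post and not SquirrelMail or GPG plugin code: it puts that assumed pattern next to a hardened form that validates each recipient and starts gpg from an argument vector. All function names are hypothetical, and it assumes PHP 7.4 or later with gpg on the PATH.

```php
<?php
// Added example, not SquirrelMail or GPG-plugin code; function names are hypothetical.
// Assumed vulnerable pattern: the To: value is pasted into a shell command
// string, so ';' ends the gpg command and the shell runs what follows.
// The string is only built here for comparison, never executed.
function build_gpg_command_unsafe(string $to): string
{
    return "gpg --batch --armor --encrypt --recipient $to";
}

// Hardened: allow only plain addr-spec recipients and return an argument
// vector, so no shell ever parses the value.
function build_gpg_argv(string $to): array
{
    $argv = ['gpg', '--batch', '--armor', '--encrypt'];
    foreach (explode(',', $to) as $rcpt) {
        $rcpt = trim($rcpt);
        if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9.-]+\z/', $rcpt)) {
            throw new InvalidArgumentException('rejected recipient: ' . $rcpt);
        }
        array_push($argv, '--recipient', $rcpt);
    }
    return $argv;
}

// proc_open() with an array command (PHP 7.4+) starts gpg directly, no shell.
function encrypt_for(string $to, string $plaintext): string
{
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open(build_gpg_argv($to), $spec, $pipes);
    if (!is_resource($proc)) { throw new RuntimeException('could not start gpg'); }
    fwrite($pipes[0], $plaintext);   // fine for short messages
    fclose($pipes[0]);
    $ciphertext = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    if (proc_close($proc) !== 0) { throw new RuntimeException('gpg failed'); }
    return $ciphertext;
}

// Constructed inputs: a normal address and the ";command;" form from the post.
foreach (['alice@example.org', ';command;'] as $to) {
    try {
        echo implode(' ', build_gpg_argv($to)), "\n";
    } catch (InvalidArgumentException $e) {
        echo $e->getMessage(), "\n";
    }
}
```

Running the file only exercises the validation step; encrypt_for() additionally needs a public key for the recipient in the web server user's keyring.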