[4885] in bugtraq


Re: Vulnerability in Glimpse HTTP

daemon@ATHENA.MIT.EDU (Oliver Friedrichs)
Thu Jul 10 05:15:31 1997

Date: 	Wed, 9 Jul 1997 13:00:07 -0600
Reply-To: Oliver Friedrichs <oliverf@SILENCE.SECNET.COM>
From: Oliver Friedrichs <oliverf@SILENCE.SECNET.COM>
X-To:         Paul Phillips <paulp@go2net.com>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.SOL.3.94.970708165142.14579C-100000@zax>

On Tue, 8 Jul 1997, Paul Phillips wrote:

> They are...
>
>   ^ (acts as pipe under some shells)
>  \n (acts as shell delimiter)
>   \ (in the esc_chars version of the function, this allows \; to
>      be escaped as \\;, then unescaped by shell into \; again.)
>
> This should be somewhat disturbing as a rather fearful number of
> people have read that document and only a very few have actually
> noticed these oversights.  I certainly hope the majority of programmers

This is true, however in the context of this particular bug (Glimpse) this
isn't the case.  The reason for this being that open() in perl does not
honour these escape characters.

- Oliver

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
   Secure Networks Incorporated.  Calgary, Alberta, Canada, (403) 262-9211
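
The escaping oversight described in the quoted text, as an added example that is not part of the original message or of the document it discusses. The thread names only the three omitted characters, so `ORIGINAL_LIST` is an assumed blacklist, and the unquoted-backslash model in `live_metachars` is a simplification of POSIX-style shell parsing.

```python
# Added illustration: a blacklist escaper with and without the three
# characters the thread says were overlooked (^, newline, backslash).
# ORIGINAL_LIST is an assumption; the page does not reproduce the real list.
ORIGINAL_LIST = set("&;`'\"|*?~<>()[]{}$")
OMITTED = set("^\n\\")
FULL_LIST = ORIGINAL_LIST | OMITTED


def escape(s, metachars):
    """Prefix every character in `metachars` with a backslash."""
    return "".join("\\" + c if c in metachars else c for c in s)


def live_metachars(s, metachars=FULL_LIST):
    """Return the metacharacters still special after backslash processing.

    Simplified model of unquoted shell text: a backslash neutralises
    the character that follows it, so that pair is skipped.
    """
    live = []
    i = 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            i += 2          # escaped pair: the second character is inert
            continue
        if s[i] in metachars:
            live.append(s[i])
        i += 1
    return live


# Constructed inputs, one per omitted character.
SAMPLES = ["x\\;y", "a^b", "a\nb"]


def report():
    """Map each sample to (live chars with ORIGINAL_LIST, with FULL_LIST)."""
    return {
        s: (live_metachars(escape(s, ORIGINAL_LIST)),
            live_metachars(escape(s, FULL_LIST)))
        for s in SAMPLES
    }


if __name__ == "__main__":
    for sample, (before, after) in report().items():
        print(repr(sample), "incomplete list:", before, "full list:", after)
```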
