[9758] in bugtraq
Re: Buffer overflow in www.boutell.com cgic library
daemon@ATHENA.MIT.EDU (Frank Tegtmeyer)
Tue Feb 23 17:06:19 1999
Date: Tue, 23 Feb 1999 12:18:18 +0100
Reply-To: Frank Tegtmeyer <fte@POBOX.COM>
From: Frank Tegtmeyer <fte@POBOX.COM>
To: BUGTRAQ@NETSPACE.ORG
Jon Ribbens wrote:
> Thomas Boutell's cgic library (version 1.05) has a buffer overflow in
> cgiFormEntryString() which is almost certainly exploitable. (Although
> it obviously depends on the program that has linked with cgic.)
Seems to be solved. From Thomas Boutell's site
(http://www.boutell.com/cgic/#whatsnew106):
What's new in version 1.06?
1. A potentially significant buffer overflow problem has been corrected.
Jon Ribbens correctly pointed out to me (and to the Internet's bugtraq
mailing list) that the cgiFormEntryString function, which is used
directly or indirectly by almost all CGIC programs, can potentially
write past the buffer passed to it by the programmer. This bug has been
corrected. Upgrading to version 1.06 is strongly recommended.
2. The function cgiSaferSystem() has been removed entirely. This function
escaped only a few metacharacters, while most shells have many, and
there was no way to account for the many different operating system
shells that might be in use on different operating systems. Since this
led to a false sense of security, the function has been removed. It is
our recommendation that user input should never be passed directly on
the command line unless it has been carefully shown to contain only
characters regarded as safe and appropriate by the programmer. Even
then, it is better to design your utilities to accept their input from
standard input rather than the command line.
Regards, Frank
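The two items in the 1.06 notes quoted above are worth seeing side by side in code. The block below is an added example, not code from cgic or from Thomas Boutell: it shows a bounded form-value copy that treats its size argument as a character count and so writes the terminator one byte past the caller's buffer (a hypothetical illustration of the bug class the notes describe, not a reconstruction of the cgic 1.05 function), the same copy written so that the size argument is the full buffer size, and an allowlist check of the kind the notes recommend in place of escaping. The function names, the 8-byte buffer, the guard byte and the metacharacter set of the hypothetical escaper are all assumptions made for this example.

```c
/* Added example: bounded copy done wrong and right, plus an allowlist
 * check for values that may reach a command line. Not cgic's own code;
 * the overflow shown is a hypothetical illustration of the bug class. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical unsafe copy: "max" is read as the number of characters to
 * copy, so the terminator lands at dst[max], one byte past a buffer the
 * caller sized as max bytes. */
void copy_value_unsafe(char *dst, size_t max, const char *src) {
    size_t i;
    for (i = 0; i < max && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';            /* i == max for long input: out of bounds */
}

/* Safe copy: "max" is the full size of dst, terminator included.
 * Returns 1 if src was truncated, 0 if it fit, -1 on bad arguments. */
int copy_value_safe(char *dst, size_t max, const char *src) {
    size_t i;
    if (dst == NULL || src == NULL || max == 0)
        return -1;
    for (i = 0; i + 1 < max && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';            /* i <= max - 1: always inside dst */
    return src[i] != '\0';    /* leftover input means truncation */
}

/* Harness: an 8-byte "buffer" followed by one guard byte inside a single
 * 9-byte array, so the out-of-bounds write stays well defined here and
 * can be observed. Each function returns the guard byte after the copy:
 * 'G' means the buffer boundary was respected, 0 means it was not. */
int guard_after_unsafe_copy(const char *src) {
    char mem[9];
    memset(mem, 0, sizeof mem);
    mem[8] = 'G';
    copy_value_unsafe(mem, 8, src);   /* caller believes buffer is 8 bytes */
    return mem[8];
}

int guard_after_safe_copy(const char *src) {
    char mem[9];
    memset(mem, 0, sizeof mem);
    mem[8] = 'G';
    copy_value_safe(mem, 8, src);
    return mem[8];
}

/* Copies src into an 8-byte buffer with copy_value_safe and reports whether
 * both the resulting string and the truncation flag match expectations. */
int safe_copy_gives(const char *src, const char *expected, int expect_trunc) {
    char buf[8];
    int rc = copy_value_safe(buf, sizeof buf, src);
    return rc == expect_trunc && strcmp(buf, expected) == 0;
}

/* Hypothetical escaper check of the kind the 1.06 notes warn about: it
 * only knows a handful of shell metacharacters, so "$(id)" and backticks
 * pass it untouched. Returns 1 if one of its known characters is present. */
int has_escaped_metachar(const char *s) {
    return s != NULL && strpbrk(s, ";|&<>") != NULL;
}

/* Allowlist check: ASCII letters, digits, '.', '_' and '-' only, never
 * empty and never starting with '-' (so the value cannot be taken as an
 * option by the program it is handed to). Anything else is rejected
 * outright instead of being "escaped". */
static int is_allowed(unsigned char c) {
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-';
}

int value_is_safe_for_argv(const char *s) {
    if (s == NULL || *s == '\0' || *s == '-')
        return 0;
    for (; *s != '\0'; s++)
        if (!is_allowed((unsigned char)*s))
            return 0;
    return 1;
}

int main(void) {
    const char *longval = "0123456789";   /* constructed: longer than 8 bytes */
    printf("guard after unsafe copy: %d\n", guard_after_unsafe_copy(longval));
    printf("guard after safe copy:   %c\n", guard_after_safe_copy(longval));
    printf("escaper catches \"$(id)\": %d\n", has_escaped_metachar("$(id)"));
    printf("allowlist accepts \"$(id)\": %d\n", value_is_safe_for_argv("$(id)"));
    return 0;
}
```

The allowlist is deliberately narrow; a program that needs spaces or other characters should widen it with a reason for each addition rather than fall back to escaping, and, as the notes say, passing the value on standard input avoids the question of argument parsing altogether.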