[15305] in bugtraq

Re: Mailstudio2000 CGI Vulnerabilities [S0ftPj.4]

daemon@ATHENA.MIT.EDU (Vanja Hrustic)
Sat Jun 10 16:40:03 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:  <394223B8.A61C0517@relaygroup.com>
Date:         Sat, 10 Jun 2000 18:17:12 +0700
Reply-To: vanja@relaygroup.com
From: Vanja Hrustic <vanja@RELAYGROUP.COM>
X-To:         fusys@ITAPAC.NET
To: BUGTRAQ@SECURITYFOCUS.COM

fusys@ITAPAC.NET wrote:
> There are at least two distinct bugs we'll mention.

Also, a buffer overflow exists in userreg.cgi, which enables a remote user
to execute any command as root.

It is also possible to change the password for system users, which don't
have the password already (like 'operator', 'gopher', etc.).

And probably some more (it was pointless going any further - apps seem
to be full of holes).

3RSoft did not respond to mail (sent around 3 months ago), so I have no
idea if they just ignored the report, or they 'silently' fixed it. I did
not try the latest version.

Vanja Hrustic
SAFER Editor
SAFER - free monthly security newsletter
Subscriptions at http://www.safermag.com
