[33915] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Lam3rZ Security Advisory #3/2004: A bug in Confirm leads to remote

daemon@ATHENA.MIT.EDU (Mariusz Woloszyn)
Mon Feb 23 17:47:14 2004

Date: Mon, 23 Feb 2004 22:14:45 +0100 (CET)
From: Mariusz Woloszyn <emsi@ipartners.pl>
To: bugtraq@securityfocus.com
Message-ID: <Pine.LNX.4.58.0402232208390.10880@dzyngiel.ipartners.pl>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-2
Content-Transfer-Encoding: 8BIT

		Lam3rZ Security Advisory #3/2004

			23 Feb 2004

		Remote command execution in Confirm

Name:			Confirm <=0.62
Severity:		High
Software URL:		http://freshmeat.net/projects/confirm/
Software author:	David Lechnyr <davidrl/at/comcast/dot/net>
Advisory author:	Mariusz Woloszyn <emsi/AT/GTS/dot/PL>
Vendor notified:	Feb 6, 2004
Vendor confirmed:	Feb 6, 2004
Vendor fix:		Feb 9, 2004

Impact:
-------

Confirm is a simple procmail script that uses a pattern-matching
auto-whitelist to help identify unsolicited email.
A forged email headers may lead to a remote command execution under users
(or even root, if root uses confirm) privileges.

Description:
------------

Due to insufficient user supplied data filtering, emails containing special
characters, like ",`,|,;,$ and so on in headers may trick confirm and lead
to command execution.

How to patch:
-------------

Install confirm-0.70 from:
http://hr.uoregon.edu/davidrl/confirm/confirm-0.70.tgz
Please note, that significant changes has happened since previous
version!!!

Regards,

-- 
Mariusz Wołoszyn
Internet Security Specialist, GTS - Internet Partners


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[33915] in bugtraq

Lam3rZ Security Advisory #3/2004: A bug in Confirm leads to remote

daemon@ATHENA.MIT.EDU (Mariusz Woloszyn)Mon Feb 23 17:47:14 2004

daemon@ATHENA.MIT.EDU (Mariusz Woloszyn)
Mon Feb 23 17:47:14 2004