[39156] in bugtraq
Re: Arbitrary code execution in eping plugin
daemon@ATHENA.MIT.EDU (Jonathan Angliss)
Tue Jun 14 14:22:09 2005
Date: Tue, 14 Jun 2005 09:02:09 -0500
From: Jonathan Angliss <jon@netdork.net>
Message-ID: <1346951001.20050614090209@netdork.net>
To: Oliver Monneke <oliver@codersquad.de>
Cc: y0int@yahoo.it, bugtraq@securityfocus.com
In-Reply-To: <42A9F99D.6040501@codersquad.de>
Hello Oliver,
Friday, June 10, 2005, 3:35:41 PM, you wrote:
> the problem is in function eping_validaddr() in functions.php where the
> host is checked if it is valid as the name says...
> But the only check is to see if it is a valid ip address for eping, here
> is the code:
> --------------8<-----------------------------------------8<-------------------------------------
> function eping_validaddr($eping_hosttocheck)
> {
[..]
> }
> --------------8<-----------------------------------------8<-------------------------------------
> I am sorry but I am a coder and my eyes are bleeding when looking at
> stuff like that so here is my suggestion for replacing the if-statement:
> if(preg_match("/^[0-9]{2,3}?\.[0-9]{1,3}?\.[0-9]{1,3}?\.[0-9]{1,3}?$/",
> $eping_hosttocheck))
A better solution would be to limit the scope of the regex and use ^
and $ on the regex the original code has in place. I'd personally use:
If (preg_match("/^((25[0-5]|2[0-4][0-9]|1?\d{1,2})\.){3}((25[0-5]|2[0-4][0-9]|1?\d{1,2}))$/", $eping_hosttocheck))
Won't match IPv6 addresses, but neither will the original code, and it
matches IP addresses perfectly I believe.
-- 
Jonathan Angliss
<jon@netdork.net>
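
Added example, not part of the original message or of the eping plugin: a small PHP harness that runs the two replacement patterns from this thread over constructed inputs, so the effect of anchoring and of octet range checking can be compared side by side. The unanchored variant, the `D`-modifier variant and the `filter_var()` column are assumptions added for comparison; the plugin's original regex is elided in the message and is not reproduced here.

```php
<?php
// Added example: not code from the eping plugin or from either poster.
$patterns = [
    // Constructed: the reply's pattern with ^ and $ removed, to show what anchoring changes.
    'unanchored' => '/((25[0-5]|2[0-4][0-9]|1?\d{1,2})\.){3}((25[0-5]|2[0-4][0-9]|1?\d{1,2}))/',
    // The replacement quoted in the message (first octet requires 2-3 digits, no range check).
    'quoted'     => '/^[0-9]{2,3}?\.[0-9]{1,3}?\.[0-9]{1,3}?\.[0-9]{1,3}?$/',
    // The replacement proposed in the reply.
    'reply'      => '/^((25[0-5]|2[0-4][0-9]|1?\d{1,2})\.){3}((25[0-5]|2[0-4][0-9]|1?\d{1,2}))$/',
    // The reply's pattern plus D (PCRE_DOLLAR_ENDONLY): $ then matches only at the
    // very end of the subject, not also before a trailing newline.
    'reply+D'    => '/^((25[0-5]|2[0-4][0-9]|1?\d{1,2})\.){3}((25[0-5]|2[0-4][0-9]|1?\d{1,2}))$/D',
];

// Constructed sample inputs.
$samples = [
    '192.168.1.10',
    '8.8.8.8',            // valid address with a single-digit first octet
    '999.999.999.999',    // dotted quad with out-of-range octets
    '256.1.1.1',
    '127.0.0.1;echo x',   // valid address followed by a shell metacharacter
    "127.0.0.1\n",        // valid address followed by a newline
];

// Returns [validator name => bool] for one host string.
function check_all(array $patterns, string $host): array
{
    $row = [];
    foreach ($patterns as $name => $re) {
        $row[$name] = preg_match($re, $host) === 1;
    }
    // PHP's built-in IPv4 validator, for comparison with the hand-written patterns.
    $row['filter_var'] = filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
    return $row;
}

printf("%-22s", 'input');
foreach (array_merge(array_keys($patterns), ['filter_var']) as $name) {
    printf("%-12s", $name);
}
echo "\n";
foreach ($samples as $host) {
    printf("%-22s", json_encode($host));   // json_encode makes the trailing newline visible
    foreach (check_all($patterns, $host) as $ok) {
        printf("%-12s", $ok ? 'accept' : 'reject');
    }
    echo "\n";
}
```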