mailto.cgi 的管道使用漏洞
发布日期:2000-09-12
更新日期:2000-09-12
受影响系统:
Ranson Johnson Combination Mail-to and Credit Card Orderform 1.9 以及低于这的版本
- Sun Solaris 8.0
- Sun Solaris 7.0
- RedHat Linux 6.x
- Microsoft Windows NT 4.0
描述:
在 Ranson Johnson 的 Mail-to 和 Credit Card 提交表中,变量
"emailadd"的值由用户填表时提供,并且直接通过管道打开。通过在
表的'emailadd'域里填特殊构造的值,可能以 web 服务的权限远程
执行命令。
<* 来源:Karl Hanmore (
karl@system-administrator.net) *>
建议:
临时解决办法:
NSFOCUS建议您在未获得相关补丁之前暂时停止使用有问题的CGI。
厂商补丁:
*** mailto.cgi.orig Mon Sep 4 17:22:48 2000
--- mailto.cgi Mon Sep 4 17:24:26 2000
***************
*** 134,143 ****
############################################
if ($mail eq '1') {
! open (MAIL, "|$mailprog $recipient") || die "Can't open $mailprog!\n";
!
print MAIL "Reply-to: $FORM{'emailadd'} ($FORM{'name'})\n";
print MAIL "From: $FORM{'emailadd'} ($FORM{'name'})\n";
if ($FORM{'card_no'}){
--- 134,145 ----
############################################
+ # Check for valid email address
+ $FORM{'emailadd'} =~ s/[^A-Zaa-z0-9@\.,]//g;
if ($mail eq '1') {
! open (MAIL, "|$mailprog -t") || die "Can't open $mailprog!\n";
! print MAIL "To: $recipient\n";
print MAIL "Reply-to: $FORM{'emailadd'} ($FORM{'name'})\n";
print MAIL "From: $FORM{'emailadd'} ($FORM{'name'})\n";
if ($FORM{'card_no'}){
***************
*** 163,169 ****
}
if ($remote_mail eq '1' && $FORM{'emailadd'}) {
! open (MAIL, "|$mailprog $FORM{'emailadd'}") || die "Can't open $mailprog!\n";
print MAIL "From: $return_add\n";
if ($FORM{'card_no'}){
print MAIL "Subject: $cc_order_subject\n";
--- 165,172 ----
}
if ($remote_mail eq '1' && $FORM{'emailadd'}) {
! open (MAIL, "|$mailprog -t") || die "Can't open $mailprog!\n";
! print MAIL "To: $FORM{'emailadd'}\n";
print MAIL "From: $return_add\n";
if ($FORM{'card_no'}){
print MAIL "Subject: $cc_order_subject\n";
浏览次数:9257
严重程度:0(网友投票)