68 lines
3.2 KiB
Text
68 lines
3.2 KiB
Text
|
From xanni@urYod.glasswings.com.au Wed May 26 10:27:04 2004
|
||
|
Return-Path: <xanni@urYod.glasswings.com.au>
|
||
|
Delivered-To: guy-ezmlm@rucus.ru.ac.za
|
||
|
Received: (qmail 95684 invoked by uid 1025); 26 May 2004 08:27:04 -0000
|
||
|
Received: (qmail-scanner-1.22 95683 invoked by uid 82); 26 May 2004 08:27:04 -0000
|
||
|
Received: from mail018.syd.optusnet.com.au (211.29.132.72)
|
||
|
by server.rucus.ru.ac.za with SMTP; 26 May 2004 08:26:58 -0000
|
||
|
Received: from urYod.glasswings.com.au (c211-28-208-136.eburwd1.vic.optusnet.com.au [211.28.208.136])
|
||
|
by mail018.syd.optusnet.com.au (8.11.6p2/8.11.6) with ESMTP id i4Q8QmD27299
|
||
|
for <guy-ezmlm@rucus.ru.ac.za>; Wed, 26 May 2004 18:26:49 +1000
|
||
|
Received: from urYod.glasswings.com.au (localhost.localdomain [127.0.0.1])
|
||
|
by urYod.glasswings.com.au (8.12.10/8.12.10) with ESMTP id i4Q8QlgD004619
|
||
|
for <guy-ezmlm@rucus.ru.ac.za>; Wed, 26 May 2004 18:26:47 +1000
|
||
|
Received: (from xanni@localhost)
|
||
|
by urYod.glasswings.com.au (8.12.10/8.12.10/Submit) id i4Q8Qljs004617
|
||
|
for guy-ezmlm@rucus.ru.ac.za; Wed, 26 May 2004 18:26:47 +1000
|
||
|
Date: Wed, 26 May 2004 18:26:47 +1000
|
||
|
From: Andrew Pam <xanni@glasswings.com.au>
|
||
|
To: guy-ezmlm@rucus.ru.ac.za
|
||
|
Subject: Another ezmlm-web patch
|
||
|
Message-ID: <20040526082647.GN1975@urYod.glasswings.com.au>
|
||
|
Mime-Version: 1.0
|
||
|
Content-Type: text/plain; charset=us-ascii
|
||
|
Content-Disposition: inline
|
||
|
User-Agent: Mutt/1.4.1i
|
||
|
X-Face: ="NXL=B\E?60DRs]*]Mp-[@,"/\ESi&5s~&qMPLKzyWqo*<)SiE$IykXoakjYA62"oQT_.0I-i:nay>Pg]I{>J&dN(D<]F}+eaMSI=Kv]<L%q>fr7.e;3u(e1ZlP^C>pRxW*sJEgdAevnn^/D{Eg[f
|
||
|
Status: RO
|
||
|
Content-Length: 1682
|
||
|
|
||
|
Hello! I recently upgraded my system from Red Hat Linux 7.3 to
|
||
|
Fedora Core 1 which in turn resulted in upgrading my perl to 5.8.3.
|
||
|
This revealed a nasty security bug in Mail::Ezmlm which of course affects
|
||
|
ezmlm-web.cgi and is detected by perl when running SUID. Mail::Ezmlm
|
||
|
passes email addresses to the ezmlm tools on the command line using the
|
||
|
"system" perl function, but doesn't check that the email addresses are
|
||
|
free of dangerous characters. Here's a patch to ezmlm-web.cgi to make
|
||
|
it check for valid characters before calling Mail::Ezmlm:
|
||
|
|
||
|
--- ezmlm-web.cgi.orig 2000-09-26 06:58:08.000000000 +1100
|
||
|
+++ ezmlm-web.cgi 2004-05-26 17:54:30.000000000 +1000
|
||
|
@@ -477,7 +477,14 @@
|
||
|
untie %pretty;
|
||
|
}
|
||
|
|
||
|
- if ($list->sub($add->address(), $part) != 1) {
|
||
|
+# Modified 2004-05-26 by Andrew Pam <xanni@sericyb.com.au>
|
||
|
+# Untaint the address because $list->sub will pass it to ezmlm-sub
|
||
|
+# on the command line!
|
||
|
+# Note this may not handle some less common email address formats
|
||
|
+ my($addr) = $add->address() =~ /([\w\.\=]+\@[\w\.\=]+)/
|
||
|
+ or die "Illegal character in address '" . $add->address() ."'";
|
||
|
+# if ($list->sub($add->address(), $part) != 1) {
|
||
|
+ if ($list->sub($addr, $part) != 1) {
|
||
|
die "Unable to subscribe to list: $!";
|
||
|
}
|
||
|
$count++;
|
||
|
|
||
|
Of course arguably Mail::Ezmlm should really be doing this.
|
||
|
|
||
|
Cheers,
|
||
|
Andrew
|
||
|
--
|
||
|
mailto:xanni@xanadu.net Andrew Pam
|
||
|
http://www.xanadu.com.au/ Chief Scientist, Xanadu
|
||
|
http://www.glasswings.com.au/ Technology Manager, Glass Wings
|
||
|
http://www.sericyb.com.au/ Manager, Serious Cybernetics
|
||
|
|