Majordomo-Workers: Re: [Fwd: BoS: Vulnerability in Majordomo]

Majordomo-Workers
(August 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: [Fwd: BoS: Vulnerability in Majordomo]
From:	perry @ news . vill . edu (Rick Perry)
Organization:	Villanova University
Date:	26 Aug 1997 09:37:38 -0400
To:	majordomo-workers @ greatcircle . com
Newsgroups:	vill.majordomo-workers
References:	<5tu4qu$mne@ftp.ee.vill.edu>

Norbert Bollow <nb@pobox.com> writes:
>Here's a quick patch; it's not very sophisticated but it'll do for the
>moment. -- Norbert.

>*** majordomo.bak	Fri Aug 22 16:50:23 1997
>--- majordomo	Tue Aug 26 10:20:50 1997
>***************
>*** 1368,1373 ****
>--- 1368,1379 ----
>      local($command_advert, $command_noadvert);	
>      local($reply_addr) = &ParseAddrs($reply_to);
>  
>+     #Fix a security hole in the eval below
>+     if ($reply_addr =~ /\`|\/|\$|\{|\}|\&/) {
>+ 	&abort("Possible HOSTILE ADDRESS: lists command from $reply_addr\n
>+ 	Full headers of the suspicious message follow:\n\n$hdrs");
>+     }
>+ 

It's better to be more paranoid about it, specifying what chars are allowed
instead of (a possible subset of) those which are bad:

    if( $reply_addr !~ /^[a-zA-Z0-9_\-+@%\.]+$/) {


...Rick         perry@ece.vill.edu, http://www.ece.vill.edu/~perry  [PGP]

Follow-Ups:

Re: [Fwd: BoS: Vulnerability in Majordomo]
From: Dave Wolfe <dwolfe@risc.sps.mot.com>

Indexed By Date	Previous:	Re: [Fwd: BoS: Vulnerability in Majordomo] From: Norbert Bollow <nb@pobox.com>
Indexed By Date	Next:	Re: [Fwd: BoS: Vulnerability in Majordomo] From: Dave Wolfe <dwolfe@risc.sps.mot.com>
Indexed By Thread	Previous:	Re: [Fwd: BoS: Vulnerability in Majordomo] From: Jason L Tibbitts III <tibbs@hpc.uh.edu>
Indexed By Thread	Next:	Re: [Fwd: BoS: Vulnerability in Majordomo] From: Dave Wolfe <dwolfe@risc.sps.mot.com>