Journal of cbrooks (3267)

Wednesday February 12, 2003
08:10 AM

Security bug in CGI::Lite::escape_dangerous_chars()

[ #10542 ]
It doesn't look like anyone else has posted this to use.perl yet. A security flaw in CGI::Lite was posted to bugtraq yesterday. Essentially, the escape_dangerous_chars() method fails to escape a number of metacharacters.

The impact statement says:

If the CGI::Lite::escape_dangerous_chars() function is used within (for example) a web CGI script, a remote attacker may be able to read and/or write local files on the attacked web server and/or may be able to gain shell-level access to the attacked web server, via the CGI script, as the user-id under which the CGI script is executed (typically, but not always the `nobody' user).

The potential exists for remote root compromise (or other privileged access) if a CGI script using CGI::Lite::escape_dangerous_chars() is installed as set-uid (root) or set-gid.

As noted by the white hat who found the flaw, CGI::Lite's maintainer has not responded with a patch (and the latest version of the module available on CPAN is from 8-20-2000).
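Until a fixed release exists, a CGI script can avoid depending on the escape routine at all. The following is an added example, not code from CGI::Lite, the advisory, or this journal entry: it validates input against an allowlist and hands it to a child process in list form so that no shell parses it. The helper names `safe_filename` and `child_sees` and the sample inputs are assumptions made for illustration.

```perl
use strict;
use warnings;

# Allowlist check: accept only names built from characters known to be safe,
# rather than trying to list and escape every dangerous one.
sub safe_filename {
    my ($raw) = @_;
    return unless defined $raw;
    # \A and \z anchor the whole string ($ would tolerate a trailing newline).
    # The first character may not be '.' or '-', so the value cannot be a
    # dotfile or look like a command-line option. Capturing into $1 also
    # untaints the value when the script runs under perl -T.
    return $1 if $raw =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/;
    return;
}

# Pass the value to a child process as a single argv element. The list form
# of open() execs the program directly, so no shell ever parses the string.
# The child here is perl itself ($^X), echoing back what it received.
sub child_sees {
    my ($arg) = @_;
    local $ENV{PATH} = '/usr/bin:/bin';
    open(my $fh, '-|', $^X, '-e',
         'print scalar(@ARGV), " arg: <", $ARGV[0], ">"', '--', $arg)
        or die "cannot start child: $!";
    my $out = do { local $/; <$fh> };
    close $fh;
    return $out;
}

# Constructed sample inputs standing in for a CGI parameter.
my @samples = ('report.txt', 'notes-2003.log', "report.txt\n",
               '../etc/passwd', 'a;b', '-l', '');

for my $raw (@samples) {
    (my $shown = $raw) =~ s/\n/\\n/g;
    my $name = safe_filename($raw);
    if (defined $name) {
        print "accept '$shown': child got ", child_sees($name), "\n";
    } else {
        print "reject '$shown'\n";
    }
}
```

Either layer alone removes the dependence on a complete list of metacharacters: rejected input never reaches a command, and accepted input is never interpreted by a shell.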
