NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.
All the Perl that's Practical to Extract and Report
use Perl Log In
cbrooks (3267)
cbrooks
(email not shown publicly)
(email not shown publicly)
Wednesday February 12, 2003
08:10 AM
Security bug in CGI::Lite::escape_dangerous_chars()
It doesn't look like anyone else has posted this to use.perl yet. A security flaw in CGI::Lite was posted to bugtraq yesterday. Essentially, the escape_dangerous_chars() method fails to escape a number of metacharacters.
The impact statement says:
The impact statement says:
If the CGI::Lite::escape_dangerous_chars() function is used within (for example) a web CGI script, a remote attacker may be able to read and/or write local files on the attacked web server and/or may be able to gain shell-level access to the attacked web server, via the CGI script, as the user-id under which the CGI script is executed (typically, but not always the `nobody' user).
The potential exists for remote root compromise (or other privileged access) if a CGI script using CGI::Lite::escape_dangerous_chars() is installed as set-uid (root) or set-gid.
As noted by the white hat who found the flaw, CGI::Lite's maintainer has not responded with a patch (and the lastest version of the module available on CPAN is from 8-20-2000).
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
help them think they understand.
--Larry Wall
Stories, comments, journals, and other submissions on use Perl; are Copyright 1998-2006, their respective owners.
It's being worked on (Score:2)
A new package should hit CPAN shortly; Andreas is putting an update together.
- ask
-- ask bjoern hansen [askbjoernhansen.com], !try; do();