SECURITY HOLE: cnfsstat
Russ Allbery
rra at stanford.edu
Wed Aug 25 07:54:47 UTC 1999
Mike Bird <mgb at yosemite.net> writes:
> INN 2.2
> cnfsstat at line 348 runs grephistory in backquotes. The $msgid is not
> checked for malicious characters.
It's passed in single quotes, however, so the only characters that should
be able to cause any trouble are backslashes and single quotes. I've just
checked in a fix (replacing \ with \\ and replacing ' with '\''). It
needs a better fix, but that should do for the 2.2.1 release.
--
Russ Allbery (rra at stanford.edu) <URL:http://www.eyrie.org/~eagle/>
More information about the inn-workers
mailing list