SECURITY HOLE: cnfsstat

Russ Allbery rra at stanford.edu
Wed Aug 25 07:54:47 UTC 1999


Mike Bird <mgb at yosemite.net> writes:

> INN 2.2

> cnfsstat at line 348 runs grephistory in backquotes.  The $msgid is not
> checked for malicious characters.

It's passed in single quotes, however, so the only characters that should
be able to cause any trouble are backslashes and single quotes.  I've just
checked in a fix (replacing \ with \\ and replacing ' with '\'').  It
needs a better fix, but that should do for the 2.2.1 release.

-- 
Russ Allbery (rra at stanford.edu)         <URL:http://www.eyrie.org/~eagle/>


More information about the inn-workers mailing list