Re: Vulnerability in Glimpse HTTP

Oliver Friedrichs (oliverf@SILENCE.SECNET.COM)
Wed, 09 Jul 1997 13:00:07 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Joe Zbiciak: "Re: [linux-security] so-called snprintf() in db-1.85.4 (fwd)"
Previous message: Dalvenjah FoxFire: "Re: Solaris Ping bug (DoS)"
Maybe in reply to: Razvan Dragomirescu: "Vulnerability in Glimpse HTTP"
Next in thread: Martin Pool: "Re: Vulnerability in Glimpse HTTP"

On Tue, 8 Jul 1997, Paul Phillips wrote:

> They are...
>
> ^ (acts as pipe under some shells)
> \n (acts as shell delimeter)
> \ (in the esc_chars version of the function, this allows \; to
> be escaped as \\;, then unescaped by shell into \; again.)
>
> This should be somewhat distrubing as a rather fearful number of
> people have read that document and only a very few have actually
> noticed these oversights. I certainly hope the majority of programmers

This is true, however in the context of this particular bug (Glimpse) this
isn't the case. The reason for this being that open() in perl does not
honour these escape characters.

- Oliver

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Secure Networks Incorporated. Calgary, Alberta, Canada, (403) 262-9211

Next message: Joe Zbiciak: "Re: [linux-security] so-called snprintf() in db-1.85.4 (fwd)"
Previous message: Dalvenjah FoxFire: "Re: Solaris Ping bug (DoS)"
Maybe in reply to: Razvan Dragomirescu: "Vulnerability in Glimpse HTTP"
Next in thread: Martin Pool: "Re: Vulnerability in Glimpse HTTP"