Hi All!
Summary: When specifying specially formatted options to external MIME transformation, an attacker can execute any shell command restricted by privileges of httpd user.
But it's not that "any shell command" can be executed? I thought that only output from the allowed programs can be redirected; thus you can actually only overwrite files with privileges of httpd user, right? I thought "|" and ";" are escaped by the shellarg-command, so that no other program could be spawned...?
(Sorry, haven't had the time to investigate your fix)
Regards, Garvin.