Subject: shell exploit and resolv error
Date: Wed, 13 Feb 2008 12:01:23 -0800
To: bug-Net-Ping-External [...] rt.cpan.org
From: Jan Schaumann <jschauma [...] netmeister.org>
Hello,
It looks like Net::Ping::External allows for shell exploits if passed
invalid hostnames.
my $alive = ping(host => "something>file");
This will create (or truncate) a file 'file' (if permissions on the cwd
or file allow it).
This is due to unchecked argument passing to backticks in External.pm:
my $result = `$command`;
This should either check the given arguments and escape or not allow
shell characters, or use system instead of backticks with a list.
-Jan
--
``Life is too short to stay entirely sober.'' -- Chuck Swiger
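As an added illustration of the two remedies the report suggests (this is not Net::Ping::External's own code): a strict hostname check that admits no shell metacharacters, followed by a list-form open() that invokes ping without any shell. The "-c <count>" flag is assumed to be the Unix ping form.

```perl
use strict;
use warnings;

# Validate a hostname before it reaches any external command.
# Only DNS label characters (letters, digits, hyphen, dots) are allowed,
# which excludes every shell metacharacter ('>', ';', '|', '`', '$', ...).
sub valid_hostname {
    my ($host) = @_;
    return 0 unless defined $host && length($host) <= 253;
    return $host =~ /\A[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?
                      (\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*\z/x ? 1 : 0;
}

# Run ping without a shell: the list form of open() hands each argument
# straight to execvp(), so nothing in $host is ever interpreted by /bin/sh.
# Assumes a Unix ping that accepts "-c <count>" (flag syntax varies by platform).
sub safe_ping {
    my ($host, $count) = @_;
    $count //= 1;
    die "refusing to ping invalid hostname '$host'\n" unless valid_hostname($host);
    open(my $fh, '-|', 'ping', '-c', $count, $host)
        or die "cannot run ping: $!\n";
    my $output = do { local $/; <$fh> };
    close $fh;                          # sets $? to ping's exit status
    return ((($? >> 8) == 0) ? 1 : 0, $output);
}

# Demonstration with the input from the report: the dangerous hostname is
# rejected before anything is executed, so no file named 'file' can appear.
for my $host ('something>file', 'localhost') {
    my ($alive, $out) = eval { safe_ping($host) };
    print $@ ? "rejected: $@" : "$host alive=$alive\n";
}
```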