
This queue is for tickets about the Filesys-SmbClient CPAN distribution.

Report information
The Basics
Id: 37818
Status: resolved
Priority: 0/
Queue: Filesys-SmbClient

People
Owner: Nobody in particular
Requestors: dmn [...] debian.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Missing input sanitising allowing remote command execution
Date: Mon, 21 Jul 2008 13:34:08 +0300
To: bug-Filesys-SmbClient [...] rt.cpan.org
From: Damyan Ivanov <dmn [...] debian.org>
It seems it is possible for a SMB server to make Filesys::SmbClient execute arbitrary commands locally.

See http://www.securityfocus.com/archive/1/494536 for details and a proposed patch.

--
dam
JabberID: dam@jabber.minus273.org

From: dam [...] modsoftsys.com
On Mon Jul 21 06:35:51 2008, dmn@debian.org wrote:
> It seems it is possible for a SMB server to make Filesys::SmbClient
> execute arbitrary commands locally.
>
> See http://www.securityfocus.com/archive/1/494536
> for details and a proposed patch.
The issue is in Filesys::SmbClientParser, not part of Filesys-SmbClient. Sorry for the noise.

--
dam
Not for this distrib