From owner-freebsd-ports@FreeBSD.ORG Fri Nov 18 09:49:59 2005
Return-Path:
X-Original-To: ports@FreeBSD.org
Delivered-To: freebsd-ports@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B417316A41F for ; Fri, 18 Nov 2005 09:49:59 +0000 (GMT) (envelope-from mrj@mrj.spb.ru)
Received: from gifts.ru (ws2.amber.pu.ru [195.70.195.34]) by mx1.FreeBSD.org (Postfix) with SMTP id 93D81443AE for ; Fri, 18 Nov 2005 09:49:53 +0000 (GMT) (envelope-from mrj@mrj.spb.ru)
Received: (qmail 97902 invoked from network); 18 Nov 2005 09:49:49 -0000
Received: by simscan 1.1.0 ppid: 97898, pid: 97899, t: 0.1638s scanners:none
Received: from unknown (HELO ?192.168.0.57?) (192.168.0.57) by gifts.ru with SMTP; 18 Nov 2005 09:49:49 -0000
Message-ID: <437DA508.8070409@mrj.spb.ru>
Date: Fri, 18 Nov 2005 12:55:20 +0300
From: Roman Mashirov
User-Agent: Mozilla/5.0 (X11; U; Linux i686; ru-RU; rv:1.7.10) Gecko/20050716 Thunderbird/1.0.6 Mnenhy/0.7.2.0
X-Accept-Language: ru-ru, ru
MIME-Version: 1.0
To: ports@FreeBSD.org
Content-Type: text/plain; charset=KOI8-R; format=flowed
Content-Transfer-Encoding: 7bit
Cc: security@FreeBSD.org
Subject: FreeBSD Port: p5-ldap-abook-1.00
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 18 Nov 2005 09:49:59 -0000

Hi!

This CGI script contains a remote code exec. In the following code (line 128):

    my $attr = eval $query->param(entry);

the script directly evaluates a CGI parameter received from the client, so it leads to the following output from the script:

    # $FreeBSD: src/etc/master.passwd,v 1.39 2004/08/01 21:33:47 markm Exp $
    #
    root:*:0:0:Charlie &:/root:/bin/csh

and so on.

WBR
--
MRJ
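The pattern the report describes, shown beside a hardened replacement, as an added example. This is not code from the p5-ldap-abook port and not the reporter's; the function names are hypothetical, the inputs are constructed, and the assumption that the "entry" parameter carries a Perl hash literal is mine (the page does not show the expected format). The point it demonstrates is the one the report makes: `eval STRING` on client-supplied text compiles and runs arbitrary Perl, so the only fix is to carry the data in a format that cannot express code and never hand it to eval.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The vulnerable pattern from the report: a string eval of text the
# client controls. Assumption (not shown on the page): the script expects
# the "entry" parameter to be a Perl hash literal describing the entry.
sub decode_entry_unsafe {
    my ($text) = @_;
    my $attr = eval $text;          # compiles and runs whatever the client sent
    die "bad entry: $@" if $@;
    return $attr;
}

# Hardened replacement (hypothetical): carry the same data in a format
# that cannot encode code. Here a minimal "name=value;name=value" list,
# with attribute names checked against a whitelist and values
# percent-decoded. Nothing from the client is ever passed to eval.
my %ALLOWED = map { $_ => 1 } qw(cn sn givenName mail telephoneNumber);

sub decode_entry_safe {
    my ($text) = @_;
    my %attr;
    for my $pair (split /;/, $text) {
        my ($name, $value) = split /=/, $pair, 2;
        next unless defined $name && defined $value;
        die "rejected unknown attribute '$name'\n" unless $ALLOWED{$name};
        $value =~ s/%([0-9A-Fa-f]{2})/chr hex $1/ge;
        $attr{$name} = $value;
    }
    return \%attr;
}

# Constructed inputs for the demonstration (not taken from the report).
# The hostile string is a harmless stand-in for attacker code: it sets a
# package variable as a side effect before returning a plausible entry.
our $SIDE_EFFECT = 0;
my $benign  = '+{ cn => "Jane Doe", mail => "jane\@example.org" }';
my $hostile = 'do { $main::SIDE_EFFECT = 1; +{ cn => "x" } }';

my $ok = decode_entry_unsafe($benign);
print "unsafe, benign input:  cn=$ok->{cn}\n";

decode_entry_unsafe($hostile);
print "unsafe, hostile input: attacker code ran, SIDE_EFFECT=$SIDE_EFFECT\n";

my $safe = decode_entry_safe('cn=Jane%20Doe;mail=jane%40example.org');
print "safe parser:           cn=$safe->{cn} mail=$safe->{mail}\n";

eval { decode_entry_safe('cn=x;exec=rm') };
print "safe parser:           $@" if $@;
```

Run it as a plain script; no CGI environment is needed because the two decoders take the parameter value as a string. The unsafe decoder accepts the benign literal and also runs the side effect embedded in the hostile one, which is exactly what lets a request body read files on the server in the report. The safe decoder accepts only whitelisted attribute names and treats every value as opaque text, so a client can at most supply an unexpected value, never code.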