DNSTools Input Validation Vulnerability

A vulnerability exists in the 1.0.8 release of DNSTools (labeled on some areas of their site as 1.08), from DNSTools Software. By manipulating the contents of certain post variables, arbitrary code may be executed.

Note that version 1.10 is reportedly still vulnerable. See message from Wolfgang Wiese <wolfgang.wiese@rrze.uni-erlangen.de> in reference section.

The problem stems from the following code:

$host_name = $CGI->param("host_name");
$domain_name = $CGI->param("domain_name");

$error_description = "";
my $error_code = system("/usr/local/dnstools/delete_mx -d \"$domain_name\" -n \"$host_name\"");

No escaping or input validation is performed. This makes it easy for a would be attacker to execute arbitrary commands, as the user the webserver or cgi-bin is being run as.


 

Privacy Statement
Copyright 2010, SecurityFocus