CVSWeb insecure perl "open" Vulnerability

Cvsweb 1.80 makes an insecure call to the perl OPEN function, providing attackers with write access to a cvs repository the ability to execute arbitrary commands on the host machine. The code that is being exploited here is the following: open($fh, "rlog '$filenames' 2>/dev/null |")


 

Privacy Statement
Copyright 2010, SecurityFocus