nph-maillist Arbitrary Code Execution Vulnerability

Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

This issue can be resolved by editing nph-maillist.pl . There is a section with several lines like:

if ($FORM{'emailaddress'} !~ /\@/) { &bad_email();}

Add the following two lines to that section:

if ($FORM{'emailaddress'} =~ /\;/) { &bad_email();}

if ($FORM{'emailaddress'} =~ /\`/) { &bad_email();}



 

Privacy Statement
Copyright 2010, SecurityFocus