Sun Sunsolve CD SSCD_SunCourier.pl CGI Script Arbitrary Command Execution Vulnerability

Sun Sunsolve CD SSCD_SunCourier.pl CGI Script Arbitrary Command Execution Vulnerability

The Sunsolve CD is part of the Solaris Media pack. It is included as a documentation resource, and is available for the Solaris Operating Environment.

A CGI script included with the CD does not adequately sanitize input. Due to a design failure which does not remove special characters such as the pipe (|) character, a user submitting a malicious email address to the script could execute arbitrary commands with the permissions of the executing program.