Open Webmail is a perl webmail program that runs on UNIX operational systems.
For more about Open WebMail, it´s official website is http://openwebmail.org/.
Ok, let´s talk about the problem.
I´ve tested Open WebMail 1.71 an when you enter an invalid username (user
that doesn´t exist on the system), the
WebMail returns to you a "very nice screen" like it:
---
Open WebMail ERROR
user does not exist
Open WebMail version 1.71
---
Ok, now try to copy with your mouse the all message that returned to you,
and...
---
Open WebMail ERROR
user does not exist
euid=0, egid=80 80 80, mailgid=6
Open WebMail version 1.71
---
...KABOOM! Look what magically appears:
"euid=0, egid=80 80 80, mailgid=6"
allright, let´s verify the information:
ps aux
root 9044 0.0 3.0 3248 2776 ?? R 10:29AM
0:00.40 /usr/bin/perl -T /usr/local/www/cgi-bin/openwebmail/.openwebmail.pl
As you can see above, the perl scrip run as root, and we can know it just
with the "magically information" that appears on the "very nice screen".
That´s could be the begin for an attack... know information.
Yeah guys, something is wrong... Some information is better than we can
imagine, and some information like it to the wrong (or right) guys... :)
Hugs,
Felipe Neuwald
felipe (at) freebsdbr.com (dot) br [email concealed]
Open Webmail is a perl webmail program that runs on UNIX operational systems.
For more about Open WebMail, it´s official website is http://openwebmail.org/.
Ok, let´s talk about the problem.
I´ve tested Open WebMail 1.71 an when you enter an invalid username (user
that doesn´t exist on the system), the
WebMail returns to you a "very nice screen" like it:
---
Open WebMail ERROR
user does not exist
Open WebMail version 1.71
---
Ok, now try to copy with your mouse the all message that returned to you,
and...
---
Open WebMail ERROR
user does not exist
euid=0, egid=80 80 80, mailgid=6
Open WebMail version 1.71
---
...KABOOM! Look what magically appears:
"euid=0, egid=80 80 80, mailgid=6"
allright, let´s verify the information:
ps aux
root 9044 0.0 3.0 3248 2776 ?? R 10:29AM
0:00.40 /usr/bin/perl -T /usr/local/www/cgi-bin/openwebmail/.openwebmail.pl
As you can see above, the perl scrip run as root, and we can know it just
with the "magically information" that appears on the "very nice screen".
That´s could be the begin for an attack... know information.
Yeah guys, something is wrong... Some information is better than we can
imagine, and some information like it to the wrong (or right) guys... :)
Hugs,
Felipe Neuwald
felipe (at) freebsdbr.com (dot) br [email concealed]
--
FreeBSDbr.com.br
[ reply ]