[VIM] PerlCal - ACKs new and old
Steven M. Christey
coley at mitre.org
Sat Dec 10 21:59:47 EST 2005
http://www.perlcal.com/calendar/docs/bugs.txt
Only problem is, no dates...
=== CVE-2005-4162 - cal_make.pl p0 XSS ==
PROBLEM: [2.99 to 2.99.30] Someone using your browser locally can use
PerlCal to read your session cookies.
Doing so does not compromise your password, and in such a
situation, the user could already read your
local cookies files directly, but this behavior is not
ideal.
SOLUTION: Edit cal_make.pl/
Replace the lines:
$FORM{p0} =~ s/\.{2,}//g;
$FORM{p1} =~ s/\.{2,}//g;
with:
$FORM{p0} =~ s/[^\w\-\&\@\~]+//g;
$FORM{p1} =~ s/[^\w\-\&\@\~]+//g;
=== CVE-2001-0463 - cal_make.pl p0 directory traversal ===
PROBLEM: [-2.98, Unix] "Null character exploitation" -- files
readable by the Web
server are viewable with appropriate specification of
PerlCal GET variables.
SOLUTION: Edit cal_make.pl (or cal_make.cgi), and find 'sub
getinput'.
After the line:
$value =~ s/%([a-fA-F0-9]{2})/pack("c", hex($1))/eg;
Put the line:
$value =~ s/\0//g;
Find 'sub template'. After the line:
local($viewdef) = @_;
Put the line:
$p0 =~ s/\.\.//g;
System administrators should always turn off Read access to
sensitive files on
the server.
More information about the VIM
mailing list