On Tue, Apr 02, 2002 at 02:45:07PM +0200, Michele Finelli wrote:
> * Alessandro Forghieri (alf@xxxxxxxx) [020402 14:16]:
> >
> > P.S. Anyone who still believes computers are an example of progress should consider
> > the above: computer science is the science in which nobody manages to understand that
> > iso_8859_1 and iso-8859-1 are the same thing. Depressing.
> >
>
> BTW, computer science is also the science that reminds you that a
> SquirrelMail bug was reported a few days ago; you can find the references on
> bugtraq, I don't have the mail at hand
>
forwarding from bugtraq
_____________________________________________________________________________
On Wed, 2002-03-27 at 20:16, pokleyzz sakamaniaka wrote:
> email user can append $THEME variable through
> cookies
This is very obscure and is limited only to valid users within your
squirrelmail application (e.g. the person has to have a valid login in
order to exploit this vulnerability). The problem is fixed in the
current CVS and will be out with Squirrelmail-1.2.6. Here is the fix,
should you want to apply it, or just wait till the next release, since
this is not a high-risk vulnerability.
Regards,
Konstantin Riabitsev,
Squirrelmail Bugmaster
hotfix:
--- validate.php.orig Sun Mar 31 16:15:52 2002
+++ validate.php Fri Mar 29 00:28:05 2002
@@ -61,6 +61,15 @@
* Include them down here instead of at the top so that all config
* variables overwrite any passed in variables (for security).
*/
+
+/**
+ * Reset the $theme() array in case a value was passed via a cookie.
+ * This is until theming is rewritten.
+ */
+global $theme;
+unset($theme);
+$theme=array();
+
require_once('../config/config.php');
require_once('../src/load_prefs.php');
require_once('../functions/page_header.php');
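Review bot: the reset covers only $theme, while the comment just above it ("config variables overwrite any passed in variables (for security)") is the general guarantee the hunk is trying to restore; any other configuration array that config.php fills per index (`$foo[0] = ...`) rather than assigning as a whole remains open to the same register_globals pre-population, so either apply the same `unset($foo); $foo = array();` pattern to those or state in the doc comment that this is a theme-only stopgap until the theming rewrite. Minor: the doc comment reads `$theme()` where the `$theme` array is meant, and `global $theme;` is redundant if validate.php is only ever included at file scope.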
------------------------------------------------------------------------------
Regards
--
DarioB (on irc dariondol)
S.A. Labinfo - Faculty of Economics - University of Bologna (Universita' degli Studi BO)
ERLUG Secretary
http://erlug.linux.it
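To make the mechanism behind the hotfix concrete, here is an added PHP example (not SquirrelMail code and not from the original thread). It simulates what register_globals did in 2002: a cookie such as `theme[2][PATH]=...` became `$theme[2]['PATH']` before any application code ran, and a config file that only assigns `$theme[0]` leaves the injected index in place. The cookie values, the config stand-in and the chosen index are all constructed here and are assumptions, not the real config.php.

```php
<?php
// Added example, not SquirrelMail code. Simulates register_globals
// pre-populating $theme from a cookie and shows why the hotfix resets
// the array before including config.php.

// Constructed attacker-supplied cookie, as register_globals would have
// copied it into a global $theme before validate.php ran.
$cookie_globals = array(
    'theme' => array(
        2 => array('PATH' => '/tmp/evil_theme.php', 'NAME' => 'Injected'),
    ),
);

// Stand-in for config/config.php (assumed shape, not the real file):
// it assigns known indices and never clears the array as a whole.
function apply_config($theme) {
    $theme[0]['PATH'] = '../themes/default_theme.php';
    $theme[0]['NAME'] = 'Default';
    return $theme;
}

// Vulnerable ordering: whatever the request supplied survives config.php.
function load_theme_without_reset($injected) {
    $theme = $injected;
    return apply_config($theme);
}

// Hotfix ordering: wipe the request-supplied array first, then load config.
function load_theme_with_reset($injected) {
    $theme = $injected;
    unset($theme);
    $theme = array();
    return apply_config($theme);
}

// Index the application later looks up (constructed value).
$chosen = 2;

$vuln = load_theme_without_reset($cookie_globals['theme']);
$safe = load_theme_with_reset($cookie_globals['theme']);

printf("without reset: theme[%d] path = %s\n", $chosen,
       isset($vuln[$chosen]['PATH']) ? $vuln[$chosen]['PATH'] : '(unset)');
printf("with reset:    theme[%d] path = %s\n", $chosen,
       isset($safe[$chosen]['PATH']) ? $safe[$chosen]['PATH'] : '(unset)');
```

Run with `php example.php`: the first line shows the injected path surviving, the second shows `(unset)`. The general defence that makes this whole class of bug disappear is turning `register_globals` off in php.ini and reading request data only through `$_COOKIE`, `$_GET` and `$_POST`; the per-variable reset in the hotfix is the narrow fix for installations that cannot change that setting.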