Matt Kruse Calendar Arbitrary Command Execution Vulnerability
BID:1215
Info
| Bugtraq ID: | 1215 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 16 2000 12:00AM |
| Updated: | May 16 2000 12:00AM |
| Credit: | First posted to Bugtraq by suid <[email protected]> on May 16, 2000. |
| Vulnerable: | Matt Kruse Calendar Script 2.2 |
| Not Vulnerable: | |
Discussion
Matt Kruse's Calendar script is a popular, free Perl CGI script used by many websites on the Internet. It allows a website administrator to easily set up and customize a calendar on their website. There are two components in this package, calendar-admin.pl and calendar.pl. Calendar-admin.pl calls open() with user input in the command string but does not check the input for metacharacters. It is therefore possible to execute arbitrary commands on the target host by passing "|shell command|" as the value of the "configuration file" field. The shell that is spawned by the open() call will then execute those commands with the uid of the webserver. This can result in remote access to the system for the attacker. Calendar.pl is vulnerable to a similar attack.
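The root cause described above is Perl's two-argument open(), which treats a leading or trailing "|" in the filename as a request to run a command. The following is an added illustration, not code from calendar-admin.pl or calendar.pl: it classifies how two-argument open() would interpret a user-supplied "configuration file" value without opening anything, and shows the hardened pattern (allowlisted basename, fixed directory, three-argument open with a literal mode). The directory path, function names and sample inputs are assumptions made for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed location for the hardened version; not the script's real layout.
my $CONFIG_DIR = '/var/www/calendar/conf';

# How two-argument open($fh, $name) would interpret $name, per perlfunc:
# a leading '|' pipes to a command, a trailing '|' pipes from a command,
# a leading '>' or '>>' writes or appends, anything else is a read.
# This only inspects the string; it never calls open().
sub two_arg_open_kind {
    my ($name) = @_;
    return 'pipe-to-command'   if $name =~ /^\s*\|/;
    return 'pipe-from-command' if $name =~ /\|\s*$/;
    return 'write-or-append'   if $name =~ /^\s*>/;
    return 'read';
}

# Hardened input handling: allow only a plain basename made of safe
# characters, with no '/', no leading '.', and no '..'. The capture group
# is also what untaints the value when the script runs under perl -T.
sub validate_config_name {
    my ($name) = @_;
    return undef unless $name =~ /^([A-Za-z0-9][A-Za-z0-9_.-]{0,63})$/;
    my $base = $1;
    return undef if $base =~ /\.\./;
    return $base;
}

# Three-argument open with a literal '<' mode: the name is used purely as
# a path, so '|' or '>' inside it could never select a pipe or a write
# even if validation were bypassed, and no shell is ever spawned.
sub open_config_safely {
    my ($name) = @_;
    my $base = validate_config_name($name)
        or die "refusing to open: configuration file name failed validation\n";
    open(my $fh, '<', "$CONFIG_DIR/$base")
        or die "cannot open $CONFIG_DIR/$base: $!\n";
    return $fh;
}

# Constructed sample inputs, including the shape the advisory describes.
for my $input ('calendar.conf', '|shell command|', '../other.conf') {
    my $kind     = two_arg_open_kind($input);
    my $verdict  = defined validate_config_name($input) ? 'accepted' : 'rejected';
    printf "%-20s two-arg open would: %-17s hardened validator: %s\n",
        "'$input'", $kind, $verdict;
}
```

Running the script prints one line per sample value: the plain name is a read and is accepted, the metacharacter value would be treated as a pipe to a command by two-argument open() and is rejected, and the path-traversal value is rejected. In a real CGI, the validator and the three-argument open would replace the unchecked open() call, and the script would also run under taint mode (-T) so that any unvalidated request value reaching open() is a fatal error rather than a command.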
References
References:
- Calendar Homepage (Matt Kruse)