
[SA10966] Confirm Arbitrary Command Execution Vulnerability

From Secunia, for About.com

TITLE:
Confirm Arbitrary Command Execution Vulnerability

SECUNIA ADVISORY ID:
SA10966

VERIFY ADVISORY:
http://secunia.com/advisories/10966/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Confirm 0.x

DESCRIPTION:
Mariusz Woloszyn has discovered a vulnerability in Confirm, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by an input validation error when processing information in mail headers. By including various shell metacharacters in a mail header, an attacker can execute arbitrary commands on a user's system with the user's privileges.

The vulnerability reportedly affects version 0.62 and prior.
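
The class of flaw described above, seen from the defensive side in an added example (this is not Confirm's code and not part of the Secunia advisory): a header value is accepted only if it matches a strict allowlist, and it is then handed over as its own argv element instead of being pasted into a shell command line. The command name `send-challenge` is hypothetical and the sample messages are constructed.

```python
import re
from email import message_from_string

# Deliberately narrower than RFC 5322: no quoting, no shell metacharacters.
_ADDR = r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"
_FROM = re.compile(rf"(?:[A-Za-z0-9 ._-]*<({_ADDR})>|({_ADDR}))")

# Hypothetical helper command (an assumption, not a real tool); "--" ends options.
REPLY_CMD = ["send-challenge", "--"]

# Constructed sample messages, not taken from any real mailbox.
BENIGN = "From: Alice Example <alice@example.com>\nSubject: hi\n\nbody\n"
HOSTILE = "From: alice@example.com; echo constructed\nSubject: hi\n\nbody\n"


def sender_from_message(raw):
    """Return the validated sender address, or None if the header is unsafe."""
    values = message_from_string(raw).get_all("From", [])
    if len(values) != 1:  # missing or duplicated header: refuse to guess
        return None
    match = _FROM.fullmatch(values[0].strip())
    if match is None:  # anything outside the allowlist, including folded lines
        return None
    addr = match.group(1) or match.group(2)
    # A leading "-" could be read as an option by the called program.
    return None if addr.startswith("-") else addr


def build_reply_argv(raw):
    """Build an argv list for subprocess.run(argv); no shell parses the address."""
    addr = sender_from_message(raw)
    return None if addr is None else REPLY_CMD + [addr]


if __name__ == "__main__":
    for name, raw in (("benign", BENIGN), ("hostile", HOSTILE)):
        print(name, "->", build_reply_argv(raw))
```

Rejecting the whole header on any mismatch, rather than stripping the offending characters, avoids having to guess which parts of attacker-controlled input are still trustworthy.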

SOLUTION:
Update to version 0.70:
http://hr.uoregon.edu/davidrl/confirm/confirm-0.70.tgz

PROVIDED AND/OR DISCOVERED BY:
Mariusz Woloszyn

For further details and links, see the Secunia advisory: http://secunia.com/advisories/10966/

©2009 About.com, a part of The New York Times Company.

All rights reserved.