The impact of Snoopy vulnerability

Date 2008-10-30 16:04:51 | Category: XOOPS

A command execution vulnerability has been found in the "Snoopy" library:
http://secunia.com/Advisories/32361/

But calm down.
No XOOPS fork ever passes arbitrary URIs into Snoopy.
And almost all modules that use Snoopy let only administrators set the URIs to fetch.
Just update when the fixed release comes out later.

But if you allow guests or untrusted users to set a URI that is fetched through Snoopy, you have to apply the patch below urgently.
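
To make the "untrusted users can set the URI" case concrete, here is an added example in PHP (it is not Snoopy's or XOOPS's code). It rebuilds the curl command line in the shape Snoopy used before the patch and in a hardened shape using escapeshellarg(), and adds an allow-list check on the URI. Nothing is executed; the command strings are only built and printed. The function names, the fixed "headers.tmp" placeholder in place of tempnam(), the example.invalid host, the sample URIs and the http/https-only policy are assumptions of the example.

```php
<?php
// Added example (not Snoopy's or XOOPS's code). It rebuilds the curl command
// line the way Snoopy did before the patch and the way a hardened version
// should, without running anything: the strings are only built and printed.

// Pre-patch shape: strip double quotes from the URI, then wrap it in double
// quotes. The shell still expands `cmd`, $(cmd) and $VAR inside double quotes,
// so a URI such as http://host/`id` makes exec() run id.
function build_curl_cmdline_vulnerable($uri, $curl_path = 'curl')
{
    $safer_uri = strtr($uri, "\"", " ");          // same quote stripping as the old code
    return $curl_path . ' -D "headers.tmp" "' . $safer_uri . '"';
}

// Hardened shape: escapeshellarg() single-quotes the whole argument and
// escapes embedded single quotes, so nothing in the URI is expanded by the
// shell. (escapeshellcmd() is meant for a complete command string, not for
// one argument, and leaves paired quotes unescaped.)
function build_curl_cmdline_hardened($uri, $curl_path = 'curl')
{
    return $curl_path . ' -D ' . escapeshellarg('headers.tmp') . ' ' . escapeshellarg($uri);
}

// Extra check for the situation the article warns about (guests or untrusted
// users supplying the URI): accept only http/https URLs that have a host, and
// reject anything starting with "-" that curl would read as an option. This
// allow-list policy is an assumption of the example, not part of Snoopy.
function is_acceptable_fetch_uri($uri)
{
    if (!is_string($uri) || $uri === '' || $uri[0] === '-') {
        return false;
    }
    $parts = parse_url($uri);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return false;
    }
    return in_array(strtolower($parts['scheme']), array('http', 'https'), true);
}

// Constructed sample inputs: an attacker-controlled URI carrying a backtick
// payload, a local-file URI that survives shell escaping but must be refused,
// and a string that curl would parse as an option.
$attacker_uri = 'http://example.invalid/`id`';
$local_uri    = 'file:///etc/passwd';
$option_uri   = '-o /tmp/x http://example.invalid/';

echo "vulnerable: ", build_curl_cmdline_vulnerable($attacker_uri), "\n";
echo "hardened:   ", build_curl_cmdline_hardened($attacker_uri), "\n";

foreach (array($attacker_uri, $local_uri, $option_uri) as $u) {
    printf("%-40s %s\n", $u,
        is_acceptable_fetch_uri($u) ? 'scheme/host ok (still needs escaping)' : 'rejected');
}
```

On a POSIX system the vulnerable builder produces `curl -D "headers.tmp" "http://example.invalid/`id`"`, which a shell would run with the backticks expanded, while the hardened builder produces `curl -D 'headers.tmp' 'http://example.invalid/`id`'`, where the backticks are literal. The allow-list check is a second, independent layer: escaping stops shell injection but does not stop curl from fetching file:// URLs or from treating a leading "-" as an option.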


Index: html/class/snoopy.php
===================================================================
--- snoopy.php  (revision 729)
+++ snoopy.php  (working copy)
@@ -1035,8 +1035,7 @@

                $headerfile = tempnam($temp_dir, "sno");

-               $safer_URI = strtr( $URI, "\"", " " ); // strip quotes from the URI to avoid shell access
-               exec($this->curl_path." -D \"$headerfile\"".$cmdline_params." \"".$safer_URI."\"",$results,$return);
+               exec($this->curl_path." -k -D \"$headerfile\"".$cmdline_params." \"".escapeshellcmd($URI)."\"",$results,$return);

                if($return)
                {
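Review bot: escapeshellcmd($URI) wrapped in hand-written double quotes (the `+` line) is the wrong primitive for a single argument; use escapeshellarg($URI) and drop the surrounding `\"`, e.g. `exec($this->curl_path." -D ".escapeshellarg($headerfile).$cmdline_params." ".escapeshellarg($URI), $results, $return);`. escapeshellcmd() escapes a `"` only when it is unpaired, so a URI containing a matched pair of double quotes still closes the quoting and can smuggle additional curl options, even though `;`, `|`, backticks and `$` are now escaped. Separately, the newly added `-k` switch (curl's --insecure) disables TLS certificate verification for every HTTPS request Snoopy makes; that is unrelated to the injection fix, weakens security, and should be removed or made a documented option.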

You can read more news at PEAK XOOPS.
http://xoops.peak.ne.jp

The URL for this story is:
http://xoops.peak.ne.jp/md/news/index.php?page=article&storyid=465