gnumed-devel

Re: [Gnumed-devel] (no subject)


From: Karsten Hilbert
Subject: Re: [Gnumed-devel] (no subject)
Date: Wed, 24 Nov 2004 11:45:41 +0100
User-agent: Mutt/1.3.22.1i

> >+     # fix for Codev.SecurityAlertExecuteCommandsWithSearch
> >+     # vulnerability, search: "test_vulnerability '; ls -la'"
> >+     $theSearchVal =~ s/(^|[^\\])([\'\`])/\\$2/g;    # Escape ' and `
> >+     $theSearchVal =~ s/address@hidden(/$1\\\(/g;           # Defuse @( ... 
> >) and 
> >$( ... )
> >+     $theSearchVal = substr($theSearchVal, 0, 1500); # Limit string length
> >+
> >     my $originalSearch = $theSearchVal;
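
Review bot: The quote-escaping substitution on the first code line of this hunk captures the preceding character in $1, but the replacement `\\$2` never puts it back, so the character in front of every ' or ` is deleted from the search term. Because that preceding character is consumed by the match, the second of two adjacent quote characters is also left unescaped. Suggest a replacement of `$1\\$2`, or a zero-width lookbehind `(?<!\\)` in place of the `(^|[^\\])` group so nothing is consumed. Separately, `substr($theSearchVal, 0, 1500)` runs after the escaping and can cut between an inserted backslash and the character it escapes; truncate first, then escape. Since the comment's own example indicates the value ends up on a shell command line, passing it to the search program as a plain argument without a shell would be more robust than a deny-list of metacharacters.
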
This suspicion would coincide with the observation that the
hacked machine had loads of hung up grep processes running over
Wiki data but subshelling strange commands such as "rm" and
"chmod".

Karsten
-- 
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD  4537 78B9 A9F9 E407 1346



