[VIM] PerlCal - ACKs new and old

Steven M. Christey coley at mitre.org
Sat Dec 10 21:59:47 EST 2005


Only problem is, no dates...

=== CVE-2005-4162 - cal_make.pl p0 XSS ==

PROBLEM:  [2.99 to 2.99.30] Someone using your browser locally can use
PerlCal to read your session cookies.
          Doing so does not compromise your password, and in such a
situation, the user could already read your
          local cookies files directly, but this behavior is not
SOLUTION: Edit cal_make.pl/
          Replace the lines:
                        $FORM{p0} =~ s/\.{2,}//g;
                        $FORM{p1} =~ s/\.{2,}//g;
                        $FORM{p0} =~ s/[^\w\-\&\@\~]+//g;
                        $FORM{p1} =~ s/[^\w\-\&\@\~]+//g;

=== CVE-2001-0463 - cal_make.pl p0 directory traversal ===

PROBLEM:  [-2.98, Unix] "Null character exploitation" -- files
readable by the Web
          server are viewable with appropriate specification of
PerlCal GET variables.
SOLUTION: Edit cal_make.pl (or cal_make.cgi), and find 'sub
          After the line:
            $value =~ s/%([a-fA-F0-9]{2})/pack("c", hex($1))/eg;
          Put the line:
            $value =~ s/\0//g;
          Find 'sub template'. After the line:
            local($viewdef) = @_;
          Put the line:
            $p0 =~ s/\.\.//g;
          System administrators should always turn off Read access to
sensitive files on
          the server.

More information about the VIM mailing list