[VIM] SquirrelMail GPG Plugin Vulnerabilities
Nicob
nicob at nicob.net
Tue Jul 10 11:40:31 UTC 2007
> o http://lists.immunitysec.com/pipermail/dailydave/2007-July/004452.html
> is a post made by Nicob on 7/8 to Daily Dave that mentions an attack vector
> fixed in version 2.1 but provides no specifics.
> o http://lists.immunitysec.com/pipermail/dailydave/2007-July/004456.html
> is a post made by Nicob on 7/9 to Daily Dave that details an attack
> vector involving the gpg_check_sign_pgp_mime() function in
> gpg_hook_functions.php.
That's the same vuln.
My PoC for the gpg_check_sign_pgp_mime() command execution doesn't
affect version 2.1 because of a switch from exec() to proc_open(). But I
wouldn't bet there's no more room for exploitation of this very vuln if
somebody spends enough time to understand their complex use of
proc_open().
Nicob