
[linux-security] remotely exploitable bugs in wordtrans-web



Topic
=====
remotely exploitable vulnerabilities in wordtrans-web

Problem Description
===================
The wordtrans-web package provides an interface to query multilingual
dictionaries via a web browser.

Improper input validation allows for the execution of arbitrary code or
injection of cross-site scripting code by passing in unexpected parameters
to the wordtrans.php script. The wordtrans.php script then unsafely
executes the wordtrans binary with the malformed parameters.
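
The advisory does not include the affected code. As an added example (not code from wordtrans or from this advisory), the following PHP shows the three controls a handler of this kind needs: strict validation of request parameters, executing the binary without a shell, and HTML-encoding anything echoed back. The parameter names `word` and `dict`, the dictionary allowlist, the binary path and the argument order are assumptions.

```php
<?php
// Added illustration, not wordtrans code. Parameter names ("word", "dict"),
// the dictionary allowlist, binary path and argument order are assumptions.
const WORDTRANS_BIN = '/usr/bin/wordtrans';        // assumed path
const ALLOWED_DICTS = ['en-es', 'es-en'];          // constructed allowlist

// Return [word, dict] if the request parameters are acceptable, else null.
function validate_query(array $params): ?array
{
    $word = $params['word'] ?? null;
    $dict = $params['dict'] ?? null;
    if (!is_string($word) || !is_string($dict)) {
        return null;                               // rejects word[]=... arrays
    }
    // Leading letter/digit (never an option), then letters, digits, space, ' or -.
    if (preg_match('/\A[\p{L}\p{N}][\p{L}\p{N} \'-]{0,63}\z/u', $word) !== 1) {
        return null;
    }
    return in_array($dict, ALLOWED_DICTS, true) ? [$word, $dict] : null;
}

// Run the binary with an argument vector (PHP 7.4+): no shell parses the input.
function run_lookup(string $word, string $dict): string
{
    $spec = [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open([WORDTRANS_BIN, $dict, $word], $spec, $pipes);
    if (!is_resource($proc)) { return ''; }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $out === false ? '' : $out;
}

// Encode anything echoed back into the page, including the binary's output.
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample requests: only the first passes validation.
$samples = [
    ['word' => 'casa', 'dict' => 'en-es'],
    ['word' => 'casa; id', 'dict' => 'en-es'],
    ['word' => '<b>casa</b>', 'dict' => 'en-es'],
    ['word' => 'casa', 'dict' => '../etc'],
    ['word' => ['casa'], 'dict' => 'en-es'],
];
foreach ($samples as $p) {
    echo html(json_encode($p)), ' => ', validate_query($p) ? 'accepted' : 'rejected', "\n";
}
```

A handler would call `run_lookup()` only with the values returned by `validate_query()`, and pass its output through `html()` before printing it.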

Affected Systems
================
wordtrans versions up to and including 1.1pre8

Solution
========
Upgrade to a patched version for your distribution.

RedHat 7.3
----------
rpm -Fvh wordtrans-1.1pre8-11.i386.rpm \
         wordtrans-kde-1.1pre8-11.i386.rpm \
         wordtrans-qt-1.1pre8-11.i386.rpm \
         wordtrans-web-1.1pre8-11.i386.rpm