Remote code execution vulnerability via Perl module
Adam Bishop
Adam.Bishop at jisc.ac.uk
Tue Jul 3 16:38:03 CEST 2018
On 3 Jul 2018, at 12:44, David Herselman via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> Any suggestions regarding possibly cleaning other attributes which may result in code execution on the following line?
I'm not a perl expert by any stretch of the imagination, but it sounds like you're using interpolated strings (using double quotes "") with untrusted data, or calling out to a shell script?
Could you post a the few lines of your perl script at the point where the shelling out happens?
In any case, $(... is not a valid NAI, so you could just drop it in policy (FR3 does: https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/raddb/policy.d/filter#L18 )
Adam Bishop
gpg: E75B 1F92 6407 DFDF 9F1C BF10 C993 2504 6609 D460
jisc.ac.uk
Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.
Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.
More information about the Freeradius-Users
mailing list