A fixed version of Gregarius 0.5.2 has been released to fix this security hole. If you are running version 0.5.2 or prior of Gregarius you are strongly encouraged to upgrade. See http://devlog.gregarius.net/2005/11/01/security-update/ for details. The svn/dev version and nightly releases are not affected.

-m

On 10/29/05, Marco Bonetti <mbonetti at gmail.com> wrote:
> Sameer,
>
> here is how I reproduce the bug with Gregarius' Snoopy.class.inc:
>
> Update to changeset 988: svn up -r 988
>
> Then edit a feed's settings and enter the following in the favicon's text field:
>
> https://; echo 'hello, world'>/tmp/snoopy.bug.txt
>
> Submit... and voila: you have a file in /tmp :(
>
> On 10/29/05, Sameer D'Costa <sameerslists at gmail.com> wrote:
> > Hello Marco,
> >
> > It looks like Gregarius is not affected because we are not using the
> > official Snoopy sources. I wrote a little note on ticket 241. I hope
> > someone can double check and verify this.
> >
> > Sameer
> >
> > On Fri, Oct 28, 2005 at 07:36:03AM +0200, Marco Bonetti wrote:
> > > Date: Fri, 28 Oct 2005 07:36:03 +0200
> > > From: Marco Bonetti <mbonetti at gmail.com>
> > > To: gregarius-dev at sinless.org
> > > Subject: [greg-dev] Security hole in Snoopy
> > > Reply-To: gregarius-dev at sinless.org
> > >
> > > Hello,
> > >
> > > A security hole allowing for arbitrary code execution has been
> > > discovered in the Snoopy class: http://www.sec-consult.com/216.html
> > >
> > > Gregarius installations whose Administration area isn't
> > > password-protected (e.g. where anyone can subscribe to feeds) are
> > > affected by this bug.
> > >
> > > I'll analyze this issue ASAP and consider whether a new release is necessary.
> > >
> > > In the meantime, please make sure that your Gregarius admin area is
> > > password protected, if your installation is publicly accessible from
> > > the web.
> > >
> > > I've created ticket #241 http://svn.gregarius.net/trac/ticket/241 to
> > > track this issue.
> > >
> > > -m
> > >
> > > _______________________________________________
> > > gregarius-dev mailing list
> > > gregarius-dev at sinless.org
> > > http://sinless.org/mailman/listinfo/gregarius-dev
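The reproduction in Marco's message shows a user-supplied favicon URL reaching a shell command line unescaped, so shell metacharacters in the URL run as extra commands. The following is an added illustration, not Gregarius or Snoopy code, of the pattern a maintainer should look for when auditing a fetch routine and of the hardened form: validate that the value is really an http(s) URL, and pass it to the shell only as a single quoted argument. The function names, the `curl` invocation and the `-k -s` flags are assumptions chosen for the example.

```php
<?php
// Added example, not code from Gregarius or the Snoopy class.
// Assumption: a fetch routine shells out to curl with the URL on the
// command line, as the reproduction in the thread above suggests.

// Vulnerable shape: the URL is concatenated into the command unquoted, so
// ';', '|', '>' or '$(...)' in it are interpreted by the shell.
function fetch_unsafe(string $url): string
{
    $cmd = "curl -k -s " . $url;          // no quoting: do not ship this
    return (string) shell_exec($cmd);
}

// Hardened shape, step 1: reject anything that is not a plain http(s) URL
// with a host, before it gets near a command line.
function is_acceptable_url(string $url): bool
{
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true);
}

// Hardened shape, step 2: escapeshellarg() wraps the value in single quotes
// and escapes embedded quotes, so the shell sees exactly one argument.
function fetch_safe(string $url): ?string
{
    if (!is_acceptable_url($url)) {
        return null;                      // refuse rather than "clean up"
    }
    $cmd = 'curl -k -s ' . escapeshellarg($url);
    return shell_exec($cmd);
}

// Constructed inputs: the first has the shape of the payload in the thread,
// the second is an ordinary favicon URL.
$inputs = [
    "https://; echo 'hello, world'>/tmp/snoopy.bug.txt",
    'https://example.com/favicon.ico',
];
foreach ($inputs as $in) {
    printf("%-55s -> %s\n", $in,
        is_acceptable_url($in) ? 'accepted' : 'rejected');
}
```

Validation and quoting are independent layers: the allow-list stops junk at the form boundary, and `escapeshellarg()` protects the command even if a later code path forgets the check. The stronger fix, as the thread's own resolution (switching away from the affected Snoopy sources) reflects, is to fetch over an HTTP library such as the curl extension and never build a shell command from user input at all.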