Remote command execution...

[mhig]

Remote command execution is possible due to non filtered input from $query when you do a fortune..

the bug is in these lines:
-----
  @cookie = `/usr/games/fortune $query`;

  while (length(scalar @cookie) > 300) {
    @cookie = `/usr/games/fortune $query`;
  }
-----

fix: (checks $query for 'special characters')
if($query =~ tr/;<>*|`&$!#()[]{}:'"//) { print "someone been bad\n"; }




/mhig

[R1CH]

Yes, this is somewhat dangerous bug - there is also another one I won't  disclose just yet. The cookie one is mitigated somewhat as $query must pass the -f file existence check and by trying to put shell commands in this will always fail. Again, another thing fixed in 1.0.3...