God bless EMC. Part II

Another brilliant example of developers’ idiocy is CS-44443. In D6.7SP1P24 EMC silently changed the dm_event_sender.ebs script:

--- /tmp/dm_event_sender.ebs    2014-01-29 19:06:52.000000000 +0300
+++ bin/dm_event_sender.ebs     2014-01-31 20:08:54.000000000 +0300
@@ -457,7 +457,7 @@
     If do_single_message = True Then
         recipient_name$ = sender_name$
     End If
-
+    mailScript$ = "./dm_mailwrapper.sh"
     mailCommand$ = mailScript _
     & " " & "-delete_contents" _
     & " " & subject_line$ _
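
Review bot: the added line hard-codes a relative path, "./dm_mailwrapper.sh", so which file gets run depends on the working directory of the process executing dm_event_sender.ebs; use an absolute path to the installed wrapper instead. The assignment targets mailScript$ while the following context line reads mailScript without the suffix, so confirm both names refer to the same variable in this dialect, otherwise the override has no effect. The unchanged lines still build mailCommand$ by concatenating subject_line$ with only spaces between arguments and no quoting, so pinning the script name does not change how argument values reach the command line; quote or validate each argument before it is appended. The change also makes the mailScript parameter a no-op, which should be stated in a comment here and in the patch notes.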

Now dm_event_sender.ebs ignores the value of the mailScript parameter, but it is still vulnerable…
