PT-2003-1269 · Unknown · Molly Irc Bot

Published: 2003-03-18 · Updated: 2008-09-05 · CVE-2002-1536

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Molly IRC bot version 0.5

Description

The issue allows remote attackers to execute arbitrary commands via shell metacharacters in several variables across different scripts, including the $host variable in nslookup.pl, the $to, $from, or $message variables in pop.pl, the $words or $text variables in sms.pl, and the $server or $printer variables in hpled.pl.

Recommendations

For Molly IRC bot version 0.5, consider restricting or sanitizing input for the $host variable in nslookup.pl, the $to, $from, and $message variables in pop.pl, the $words and $text variables in sms.pl, and the $server and $printer variables in hpled.pl to prevent command execution. As a temporary workaround, consider disabling the execution of shell commands from these scripts until a patch is available.
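One way to apply the input restriction recommended above to a $host-style value, shown as an added Perl example and not code from Molly or its scripts. The names valid_host and lookup are hypothetical, and the sample inputs are constructed.

```perl
#!/usr/bin/perl
# Added illustration, not Molly's code: valid_host() and lookup() are hypothetical names.
use strict;
use warnings;

# One DNS label: letters, digits, hyphen; 1-63 chars; no leading or trailing hyphen.
my $LABEL = qr/[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?/;

# Allow-list check for hostname-shaped strings (this also admits dotted IPv4 addresses).
# Anything outside the allowed alphabet, including every shell metacharacter, is rejected.
sub valid_host {
    my ($host) = @_;
    return 0 unless defined $host && length($host) >= 1 && length($host) <= 253;
    # \A and \z anchor the whole string; unlike $, \z does not tolerate a trailing newline.
    return $host =~ /\A$LABEL(?:\.$LABEL)*\z/ ? 1 : 0;
}

# Run nslookup without a shell. With the list form of a pipe open, Perl passes the
# program name and argument directly to exec, so the argument is never parsed by
# /bin/sh. The leading-hyphen rule in $LABEL also stops the value being read as an option.
sub lookup {
    my ($host) = @_;
    die "rejected host value\n" unless valid_host($host);
    open(my $fh, '-|', 'nslookup', $host) or die "cannot run nslookup: $!\n";
    my @lines = <$fh>;
    close($fh);
    return @lines;
}

# Constructed sample inputs; only the validator runs here, so nothing touches the network.
for my $h ('example.com', '192.0.2.10', 'example.com;echo x', '-type=any', "example.com\n") {
    (my $shown = $h) =~ s/\n/\\n/g;    # make the newline visible in the report
    printf "%-20s %s\n", $shown, valid_host($h) ? 'accept' : 'reject';
}
```

The same two measures, an allow-list per field and list-form process invocation, carry over to the other variables named in the description, each with a pattern suited to its own field.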

Fix


Related Identifiers

CVE-2002-1536

Affected Products

Molly Irc Bot