[Bug 782705] Re: command injection in ckbcomp
Bryce Harrington
782705 at bugs.launchpad.net
Tue Mar 20 04:23:09 UTC 2012
** Changed in: console-setup (Ubuntu)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to console-setup in Ubuntu.
https://bugs.launchpad.net/bugs/782705
Title:
command injection in ckbcomp
Status in “console-setup” package in Ubuntu:
Fix Released
Bug description:
Binary package hint: console-setup
/usr/bin/ckbcomp has a command injection bug.
Test case:
root@emanuel-desktop:/tmp# touch "/etc/console-setup/compose.a;echo Systeminj;#.inc" "/usr/share/consoletrans/a;echo Systeminj;#.acm" "/tmp/CKB"
root@emanuel-desktop:/tmp# /usr/bin/ckbcomp "/tmp/CKB" -symbols "/tmp/CKB" -charmap "a;echo Systeminj;#"
WARNING: Can not find "" in "/tmp/CKB".
keymaps 0-127
strings as usual
cat: /etc/console-setup/compose.a: No such file or directory
Systeminj
The bug can be found at:
if ($charmap && -f "/etc/console-setup/compose.${charmap}.inc") {
system("cat /etc/console-setup/compose.${charmap}.inc");
}
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/console-setup/+bug/782705/+subscriptions
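
Added example, not part of the original report and not the fix committed to console-setup: one way to emit the compose include without handing the charmap name to a shell, shown next to the reported pattern of interpolating ${charmap} into system(). The helper name read_compose_include, the allowlist character set and the temporary directory standing in for /etc/console-setup are assumptions made for the illustration.

```perl
#!/usr/bin/perl
# Added example (not the console-setup fix): emit a compose include file
# without passing the charmap name through a shell.
use strict;
use warnings;
use File::Temp qw(tempdir);

# Hypothetical helper: returns the file contents, or undef if the charmap
# name is rejected or no matching file exists.
sub read_compose_include {
    my ($dir, $charmap) = @_;
    return undef unless defined $charmap && length $charmap;

    # Allowlist (assumed character set): letters, digits, '.', '_', '-',
    # starting with an alphanumeric, so no '/', ';', '#' or whitespace.
    return undef unless $charmap =~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/;

    my $path = "$dir/compose.$charmap.inc";
    return undef unless -f $path;

    # Three-argument open treats $path purely as a file name; no shell runs,
    # so this stays safe even if the allowlist above were relaxed.
    open(my $fh, '<', $path) or die "cannot open $path: $!";
    local $/;                 # slurp mode
    my $data = <$fh>;
    close($fh);
    return $data;
}

# Constructed test data in a temporary directory standing in for
# /etc/console-setup. The second file name is the one from the report.
my $dir = tempdir(CLEANUP => 1);
for my $name ('compose.ISO-8859-1.inc', 'compose.a;echo Systeminj;#.inc') {
    open(my $out, '>', "$dir/$name") or die "cannot create $name: $!";
    print {$out} "# contents of $name\n";
    close($out);
}

# A normal charmap is read; the reported value and a path-like value are
# rejected before any file access takes place.
for my $charmap ('ISO-8859-1', 'a;echo Systeminj;#', '../x') {
    my $data = read_compose_include($dir, $charmap);
    printf "%-22s => %s", "'$charmap'", defined $data ? $data : "rejected\n";
}
```

The same applies to any other place where a command-line option is interpolated into a single-string system() call: either avoid the external command or use the list form of system(), which bypasses the shell.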