Steffen Joeris
2008-May-25 14:08 UTC
[Secure-testing-team] Bug#482853: cbrpager: command execution flaw via malicious file names
Package: cbrpager
Severity: grave
Tags: security, patch
Justification: user security hole

Hi

cbrpager is affected by a command execution flaw via malicious file names in a similar way as comix was affected (0). A CVE id for this issue has been requested. For more information see the Red Hat bug report (1). The upstream patch can be found here (2).

Cheers
Steffen

(0): http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840
(1): https://bugzilla.redhat.com/show_bug.cgi?id=448285
(2): http://cvs.fedoraproject.org/viewcvs/rpms/cbrpager/devel/cbrpager-0.9.16-filen-shell-escaping.patch?rev=1.2