man in the middle

Bug #1586318 reported by Bernd Dietzel
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fix Released

Bug Description

Line : 119

os.system('apturl %s &' % uri)

If someone redirects the url of the anoise website to his website,
he can inject code to the shell by changing the apturl text on the manipulated website.

Please use subprocess.
Thanks :-)

information type: Private Security → Public Security
costales (costales)
Changed in anoise:
milestone: none → 0.0.28
assignee: nobody → costales (costales)
status: New → Triaged
costales (costales)
Changed in anoise:
status: Triaged → In Progress
importance: Undecided → High
costales (costales)
Changed in anoise:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.