man in the middle

Bug #1586318 reported by Bernd Dietzel on 2016-05-27
This bug affects 1 person
Affects: ANoise
Importance: High
Assigned to: costales

Bug Description

/usr/share/anoise/preferences.py
Line : 119

os.system('apturl %s &' % uri)

If someone redirects the URL of the anoise website to his website,
he can inject code into the shell by changing the apturl text on the manipulated website.

Please use subprocess.
Thanks :-)
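
Added example (not part of the original report, and not anoise's code or the fix shipped in 0.0.28): one way to replace the os.system() call with subprocess so that the URI is never parsed by a shell, plus a check that rejects anything other than a plain package URI. The function names, the assumed "apt:<package>" URI form and the sample URIs are constructed for illustration.

```python
import re
import subprocess
import sys

# Assumption: the URI is a single-package "apt:<name>" or "apt://<name>" link.
# The name pattern follows Debian policy: lowercase alphanumerics plus + - .
_APT_URI = re.compile(r"apt:(?://)?([a-z0-9][a-z0-9+.\-]+)")


def build_apturl_argv(uri):
    """Return the argv list for apturl, or raise ValueError if the URI is not
    a plain single-package apt: link (spaces, ';', '$', newlines are rejected)."""
    if not isinstance(uri, str) or not _APT_URI.fullmatch(uri):
        raise ValueError("refusing unexpected apturl URI: %r" % (uri,))
    return ["apturl", uri]


def launch_apturl(uri):
    """Stand-in for os.system('apturl %s &' % uri).

    Popen with a list starts apturl directly, without /bin/sh, and returns
    immediately, which covers what the trailing '&' was used for."""
    return subprocess.Popen(build_apturl_argv(uri))


def argv_as_seen_by_child(value):
    """Pass `value` as one argv element to a child Python process and return
    what the child received, showing that no shell re-parses the string."""
    result = subprocess.run(
        [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])", value],
        capture_output=True, text=True, check=True)
    return result.stdout


# Constructed samples: a normal link and one as a tampered page might supply it.
GOOD_URI = "apt:anoise-gui"
TAMPERED_URI = "apt:anoise; echo INJECTED"

if __name__ == "__main__":
    print(build_apturl_argv(GOOD_URI))
    # The tampered text stays one literal argument when no shell is involved.
    print(repr(argv_as_seen_by_child(TAMPERED_URI)))
    try:
        build_apturl_argv(TAMPERED_URI)
    except ValueError as exc:
        print("rejected:", exc)
```

The list form alone removes the shell parsing; the pattern check additionally keeps unexpected text from reaching apturl at all.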

information type: Private Security → Public Security
costales (costales) on 2017-06-12
Changed in anoise:
milestone: none → 0.0.28
assignee: nobody → costales (costales)
status: New → Triaged
costales (costales) on 2017-06-12
Changed in anoise:
status: Triaged → In Progress
importance: Undecided → High
costales (costales) on 2017-06-14
Changed in anoise:
status: In Progress → Fix Released
This report contains Public Security information
Everyone can see this security related information.
