Orca : Python3 Sound Module -- Shell Command Injection
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Linux Mint | New | Undecided | Unassigned |
Bug Description
The python3 Orca module named "sound" can be used to inject Shell Commands.
File :
/usr/lib/
The os.system() call in the sound.py file uses self.path, which is the attack vector.
line 49-53:

```python
import os
        '! autoaudiosink > /dev/null 2>&1 &'\
        % self._path)  # <------- Here is the Problem
```
--------
Exploit demo which runs the program xterm when a bad pathname is used to play a sound:
```
theregrunner@mint17 : ~ $ python3
Python 3.4.0 (default, Jun 19 2015, 14:18:46)
[GCC 4.8.2] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from orca import sound
>>> self=sound.Sound
>>> self.__
>>> self.play(self)
```
------------
See the attached screenshot
Please use subprocess, not os.system.
Thank you :-)
Update:
I reported the bug to the GNOME project.
The module will be removed!
https://bugzilla.gnome.org/show_bug.cgi?id=752796
So this issue can be closed :-)
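The reported os.system() pattern next to the subprocess form the reporter asks for, as an added example that is not Orca's code: a harmless printf command stands in for the gst-launch pipeline, the `location=` token is an assumed placeholder for the real pipeline text, and the path values are constructed.

```python
import shlex
import subprocess

# Stand-in player (constructed for this example): printf echoes its
# argument back, so the effect of each variant is visible in stdout.
PLAYER_ARGV = ["printf", "%s\n"]


def build_command_unsafe(path: str) -> str:
    """Mirror the reported pattern: the path is %-formatted straight into a
    string that will be handed to /bin/sh. Shell metacharacters in `path`
    (';', '|', '$(...)', backticks) become part of the command line."""
    return "printf '%%s\\n' location=%s" % path


def play_unsafe(path: str) -> str:
    """Run the formatted string through a shell, as os.system() does.
    Returns captured stdout so the injected command's output is observable."""
    res = subprocess.run(build_command_unsafe(path), shell=True,
                         capture_output=True, text=True)
    return res.stdout


def play_safe(path: str) -> str:
    """Hardened form: argv list and no shell. The path reaches the player as
    one literal argument whatever characters it contains."""
    res = subprocess.run(PLAYER_ARGV + ["location=" + path],
                         capture_output=True, text=True)
    return res.stdout


def play_quoted(path: str) -> str:
    """If a shell is genuinely needed (the original used '>' redirects and a
    trailing '&'), shlex.quote every attacker-influenced token first."""
    cmd = "printf '%%s\\n' location=%s" % shlex.quote(path)
    res = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return res.stdout


if __name__ == "__main__":
    # Constructed path carrying a harmless injected command.
    crafted = "beep.wav; echo INJECTED"
    print("unsafe :", repr(play_unsafe(crafted)))   # second line INJECTED
    print("safe   :", repr(play_safe(crafted)))     # single literal line
    print("quoted :", repr(play_quoted(crafted)))   # same as safe
```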