Code injection in cinnamon-settings-users.py
Bug #1499056 reported by
Bernd Dietzel
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Linux Mint |
New
|
Undecided
|
Unassigned |
Bug Description
See attached screenshot.
If you edit a group name or add a new group , the edit field allows to inject shell commands with root permissions.
If the administrator types in the character ";" into the group name field , the text behind the";" will be executed as root.
File :
cinnamon-
Functions :
on_group_addition
on_group_edition
theregrunner@
Linux mintdeb 3.16.0-4-amd64 #1 SMP Debian 3.16.7-
theregrunner@
No LSB modules are available.
Distributor ID: LinuxMint
Description: LMDE 2 Betsy
Release: 2
Codename: betsy
information type: | Private Security → Public Security |
To post a comment you must log in.
Bug was fixed /github. com/linuxmint/ Cinnamon/ issues/ 4649
https:/