Possible Shell Command Injection
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
apt-offline (Ubuntu) | Incomplete | Undecided | SYEDFAYAZ MUJAWAR | |
Bug Description
Because of this os.system call in AptOfflineCoreL
x = os.system("%s %s %s %s" % (self.gpgv, self.opts, signature_file, signed_file) )
the Python script is vulnerable to shell command injection in 4 ways:
1. If there is a shell command in the path, for example /tmp/$(xterm)/gpgv/
2. In the "keyring" text
3. In the name of the "signature file"
4. In the name of the "signed_file", for example ;xmessage hello;#.gpg
I attached a patch for this.
ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: apt-offline 1.6.1
ProcVersionSign
Uname: Linux 4.2.0-16-generic x86_64
ApportVersion: 2.19.1-0ubuntu3
Architecture: amd64
CurrentDesktop: XFCE
Date: Sun Oct 25 17:06:11 2015
InstallationDate: Installed on 2015-10-09 (15 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Alpha amd64 (20151009)
PackageArchitec
SourcePackage: apt-offline
UpgradeStatus: No upgrade log present (probably fresh install)
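The reported call next to an argument-vector call, as an added example (this is not the attached patch and not apt-offline's code). It assumes a POSIX /bin/sh and uses the Python interpreter as a stand-in for gpgv so it runs offline; the function names, the file name Release.gpg and the MARKER file are constructed for the demonstration.

```python
import os
import subprocess
import sys
import tempfile

# Stand-in for gpgv so this runs offline: the Python interpreter executing
# "pass", which ignores the file arguments and exits 0 (assumption, not gpgv).
GPGV = sys.executable
OPTS = ["-c", "pass"]


def verify_unsafe(signature_file, signed_file):
    """Same shape as the reported call: one string handed to /bin/sh."""
    return os.system("%s %s %s %s" % (GPGV, " ".join(OPTS), signature_file, signed_file))


def verify_safe(signature_file, signed_file):
    """Argument vector, no shell: each value reaches the program as one argv entry."""
    argv = [GPGV, *OPTS, os.path.abspath(signature_file), os.path.abspath(signed_file)]
    # abspath also keeps a name starting with "-" from being read as an option.
    return subprocess.call(argv)


def shell_ran_injected_command(verify):
    """Run verify() on a hostile file name; report whether the marker file appeared."""
    # Constructed name modelled on case 4 of the report: ';', a command, then '#'.
    hostile = ";echo x>MARKER;#.gpg"
    old_cwd = os.getcwd()
    with tempfile.TemporaryDirectory() as workdir:
        os.chdir(workdir)
        try:
            verify("Release.gpg", hostile)
            return os.path.exists("MARKER")
        finally:
            os.chdir(old_cwd)


if __name__ == "__main__":
    print("os.system, string command :", shell_ran_injected_command(verify_unsafe))
    print("subprocess, argv list     :", shell_ran_injected_command(verify_safe))
```

Because the list form never passes through a shell, the same change covers all four inputs named in the report: the gpgv path, the keyring options, the signature file and the signed file.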
information type: Public → Public Security
Changed in apt-offline (Ubuntu):
assignee: nobody → SYEDFAYAZ MUJAWAR (syedfayaz28)
The attachment "Patch for AptOfflineCoreLib.py" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]