dsextras.py : Shell Command Injection with a pkg name
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
pygobject-2 (Ubuntu) | Confirmed | Low | Unassigned |
Bug Description
Exploit screenshot attached.
The "dsextras.py" script is vulnerable in multiple functions to code injection via the "name" of a pkg.
The script uses old and deprecated Python functions which are a security risk:
commands.
os.system()
os.popen()
Please use the subprocess module instead !
Exploit example which runs an xmessage command
=======
theregrunner@
theregrunner@
Python 2.7.10 (default, Oct 14 2015, 16:09:02)
[GCC 5.2.1 20151010] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import dsextras
>>> dsextras.
'1.3.1'
=======
This bug also affects the "so" files in the gtk-2.0 folder:
atk.so
gtkunixprint.so
pangocairo.so
pango.so
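As an added illustration (not code from dsextras.py or pygobject), the pattern the report describes beside the subprocess-based form it asks for: the package name is passed as one argv element with no shell, and validated first. The name regex and the use of the Python interpreter as a stand-in for pkg-config are assumptions made so the example runs offline; the unsafe function is shown for contrast only and is never called.

```python
import os
import re
import subprocess
import sys

# Assumption: pkg-config module names use only letters, digits, '.', '_', '+', '-'.
PKG_NAME_RE = re.compile(r"^[A-Za-z0-9._+-]+$")

# Stand-in for ("pkg-config", "--modversion"): prints exactly its first argument,
# so we can observe what the child process received without needing pkg-config.
ECHO_QUERY = (sys.executable, "-c", "import sys; print(sys.argv[1], end='')")


def is_safe_pkg_name(name):
    """True if name is a plausible module name with no shell metacharacters."""
    return bool(PKG_NAME_RE.match(name))


def pkg_version_unsafe(name):
    """The pattern the report describes: the name is interpolated into a shell
    command string, so shell metacharacters in it are interpreted. Contrast only."""
    return os.popen("pkg-config --modversion %s" % name).read().strip()


def pkg_version(name, query=("pkg-config", "--modversion")):
    """Hardened form: reject suspicious names, then run the tool with an argv
    list and no shell, so the name can only ever be a single literal argument."""
    if not is_safe_pkg_name(name):
        raise ValueError("refusing suspicious package name: %r" % (name,))
    result = subprocess.run(list(query) + [name], capture_output=True, text=True)
    if result.returncode != 0:
        return None  # module not found or tool error; caller decides what to do
    return result.stdout.strip()


def argv_as_seen_by_child(name):
    """Pass name through subprocess without a shell and return the child's view
    of it: metacharacters arrive verbatim because no shell parsed them."""
    result = subprocess.run(list(ECHO_QUERY) + [name], capture_output=True, text=True)
    return result.stdout
```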
ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: python-gobject-2 2.28.6-12build1
ProcVersionSign
Uname: Linux 4.2.0-16-generic x86_64
NonfreeKernelMo
ApportVersion: 2.19.1-0ubuntu4
Architecture: amd64
Date: Fri Nov 6 21:36:38 2015
InstallationDate: Installed on 2015-10-22 (15 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021)
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
XDG_RUNTIME_
LANG=de_DE.UTF-8
SHELL=/bin/bash
SourcePackage: pygobject-2
UpgradeStatus: No upgrade log present (probably fresh install)
information type: Private Security → Public Security
Changed in pygobject-2 (Ubuntu):
status: New → Confirmed
Changed in pygobject-2 (Ubuntu):
importance: Undecided → Low