ANoise

man in the middle

Bug #1586318 reported by Bernd Dietzel on 2016-05-27

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	ANoise	Fix Released	High	costales	ANoise 0.0.28

Bug Description

/usr/share/anoise/preferences.py
Line : 119

os.system('apturl %s &' % uri)

If someone redirects the url of the anoise website to his website,
he can inject code to the shell by changing the apturl text on the manipulated website.

Please use subprocess.
Thanks :-)

Bernd Dietzel (l-ubuntuone1104) on 2016-08-13

information type:

Private Security → Public Security

costales (costales) on 2017-06-12

Changed in anoise:
milestone:	none → 0.0.28
assignee:	nobody → costales (costales)
status:	New → Triaged

costales (costales) on 2017-06-12

Changed in anoise:
status:	Triaged → In Progress
importance:	Undecided → High

costales (costales) on 2017-06-14

Changed in anoise:
status:	In Progress → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.