mintSources: Shell injection when importing a key file
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Linux Mint | Fix Released | Undecided | Unassigned | |
Bug Description
Look at the attached screenshot.
It is possible to inject any shell command in LinuxMint with the help of a key file.
The only thing to do is to give the file a NAME which has a shell command inside.
Demo Exploit :
-------
If you try to import a pgp file with this name :
' ' ; xmessage "I am $(whoami)"; # .pgp
the command will run with root permissions
The reason is this line 877 in mintSources.py :
-------
os.system("apt-key add %s" % dialog.
So, please do not use os.system. Use subprocess.
Thank you
The OS version I used is this:
theregrunner@
No LSB modules are available.
Distributor ID: LinuxMint
Description: Linux Mint 17.2 Rafaela
Release: 17.2
Codename: rafaela
Bug reported on GitHub, too
https:/
Changed in linuxmint:
status: New → Fix Released
Patch attached.
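Added example, not code from mintSources or from the attached patch: it shows how a shell splits the string that the reported `os.system("apt-key add %s" % ...)` pattern builds for the file name in the report, next to the argument-list form that `subprocess` uses. The helper names are hypothetical, the vulnerable string is only built and never executed, and the Python interpreter stands in for `apt-key` as the child process.

```python
import json
import os
import shlex
import subprocess
import sys

# File name quoted in the report, reproduced as test input only.
REPORTED_NAME = """' ' ; xmessage "I am $(whoami)"; # .pgp"""

def vulnerable_command_line(filename):
    """The string os.system("apt-key add %s" % filename) would pass to /bin/sh.
    It is only built here, never executed."""
    return "apt-key add %s" % filename

def shell_view(command_line):
    """Split a command line roughly as a POSIX shell does: one argv list per
    ';'-separated command. Quotes and '#' comments are honoured; $(...) is
    left unexpanded, whereas a real shell would run it."""
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for token in lexer:
        if token == ";":
            commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands

def safe_argv(filename):
    """Argument list for subprocess with shell=False. abspath() makes the
    path start with '/', so it cannot be read as an option either."""
    return ["apt-key", "add", os.path.abspath(filename)]

def argv_seen_by_child(filename):
    """Pass filename as one list element to a stand-in child process (this
    Python interpreter, not apt-key) and return the arguments it received."""
    probe = "import json, sys; print(json.dumps(sys.argv[1:]))"
    done = subprocess.run([sys.executable, "-c", probe, filename],
                          capture_output=True, text=True, check=True)
    return json.loads(done.stdout)

if __name__ == "__main__":
    print(shell_view(vulnerable_command_line(REPORTED_NAME)))
    print(safe_argv(REPORTED_NAME))
    print(argv_seen_by_child(REPORTED_NAME))
```

With the string form the shell sees two commands, the second taken from the file name; with the list form the whole name reaches the child as a single argument.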