Insecure use of perl exec()
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Shutter |
Fix Released
|
Undecided
|
Unassigned | ||
Debian |
Fix Released
|
Unknown
|
|||
openSUSE |
Fix Released
|
Medium
|
Bug Description
This vulnerability is almost same as CVE-2015-0854. If you click "Run a plugin" option while viewing a file with a specially-crafted filename allows arbitrary code execution with the permissions
of the user running Shutter.
STEPS TO REPRODUCE:
1) Rename an image to something like "$(firefox)"
2) Open the renamed file in shutter
3) Click the "Run a plugin" option and select any plugin from the list and click "Run"
You should see firefox browser opened as separate process.
In line 7571-7572:
$session_
$session_
if the file doesn't any have extension, $session_
In line 7163:/usr/
exec( sprintf( "$^X $plugin_value %d $qfilename $session_
by passing unescaped shell characters "$session_
CVE References
description: | updated |
Changed in debian: | |
status: | Unknown → Confirmed |
Changed in opensuse: | |
importance: | Unknown → Medium |
status: | Unknown → Confirmed |
Changed in debian: | |
status: | Confirmed → Fix Released |
Changed in opensuse: | |
status: | Confirmed → Unknown |
Changed in opensuse: | |
status: | Unknown → Fix Released |
Changed in opensuse: | |
status: | Fix Released → Unknown |
Changed in opensuse: | |
status: | Unknown → Fix Released |
Changed in shutter: | |
milestone: | none → 0.94.1 |
Changed in shutter: | |
status: | Fix Committed → Fix Released |
CVE-2016-10081 id has been assigned for tracking this vulnerability.