command injection in deluser
Bug #782170 reported by Emanuel Bronshtein
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
adduser (Ubuntu) | New | Undecided | Unassigned | |
Bug Description
Binary package hint: adduser
/usr/sbin/deluser has a command injection bug.
Test case:
root@emanuel-
root@emanuel-
no crontab for root
SystemInj
Removing user `;echo SystemInj;1' ...
Warning: group `' has no more members.
Done.
The bug can be found at:
if (system("crontab -l $user >/dev/null 2>&1") == 0) {
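An added example, not part of the original report and not adduser's own code: the flagged line interpolates $user into a single string, which Perl's system() hands to /bin/sh for parsing. The sketch below validates the name first and then runs crontab with an argument list so no shell is involved. The name pattern and the helper names (valid_username, run_quiet, has_crontab) are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX ();

# Conservative allow-list for account names (assumed for this example,
# not adduser's configured pattern).
my $NAME_RE = qr/\A[a-z_][a-z0-9_-]{0,31}\z/;

sub valid_username {
    my ($user) = @_;
    return defined $user && $user =~ $NAME_RE;
}

# Run a command from an argument list, with no shell, discarding its output.
# Returns the wait status, in the same format system() leaves in $?.
sub run_quiet {
    my @argv = @_;
    my $pid = fork();
    die "fork failed: $!" unless defined $pid;
    if ($pid == 0) {
        # Child: replace the shell's ">/dev/null 2>&1" with explicit reopens.
        open STDOUT, '>', '/dev/null' or POSIX::_exit(127);
        open STDERR, '>', '/dev/null' or POSIX::_exit(127);
        # Block form of exec never invokes /bin/sh, even for one argument.
        exec { $argv[0] } @argv or POSIX::_exit(127);
    }
    waitpid($pid, 0);
    return $?;
}

# Same check as the flagged line: does "crontab -l $user" succeed?
sub has_crontab {
    my ($user) = @_;
    return 0 unless valid_username($user);   # reject before running anything
    return run_quiet('crontab', '-l', $user) == 0;
}

# Constructed inputs: an ordinary name and the name from the report's test case.
for my $name ('root', q{;echo SystemInj;1}) {
    printf "%-22s valid=%d crontab=%d\n", "'$name'",
        valid_username($name) ? 1 : 0, has_crontab($name) ? 1 : 0;
}
```

Either measure alone stops the reported behaviour; the list form matters most because it keeps working if the name check is ever loosened.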