python-foomatic command injection.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
foomatic-filters-ppds |
Invalid
|
Undecided
|
Unassigned | ||
foomatic-gui (Ubuntu) |
Fix Released
|
High
|
Unassigned |
Bug Description
The "/usr/lib/
I suspect this because it does _not_ escape the value of a host's 'netbios name' nor the 'workgroup' / domain of the network on line ~118 [0] in the function get_printer_list. I have not checked but I believe this script may be used in the foomatic-gui :/
You can test against the script by doing the following:
#1 install samba
#2 add netbios name = oh'notquotezSIF to /etc/samba/smb.conf
#3 restart samba
#4 run "python /usr/lib/
[0] - for l in os.popen (str, 'r'):
affects: | launchpad → foomatic-filters-ppds |
Changed in foomatic-filters-ppds: | |
status: | New → Invalid |
description: | updated |
description: | updated |
description: | updated |
summary: |
- python-foomatic Possible command injection. + python-foomatic command injection. |
description: | updated |
visibility: | private → public |
By replacing a bunch of strupper_m function calls in source3/nmbd/ with strlower_m I was able to get /usr/bin/nmblookup to output 'lowercase' netbios and workgroup names.