Possible command injection.
The "/usr/lib/python2.6/dist-packages/foomatic/pysmb.py" script which is part of python-foomatic (foomatic-gui depends on this apparently :/) appears that it may be vulnerable to command injection.
I suspect this because it does _not_ escape the value of a host's 'netbios name' nor the 'workgroup' / domain of the network on line ~118 [0] in the function get_printer_list. I have not checked but I believe this script may be used in the foomatic-gui :/
You can test against the script by doing the following:
#1 installing samba, placing netbios name = oh'notquotezSIF
#2 and then running "python /usr/lib/python2.6/dist-packages/foomatic/pysmb.py"
[0] - for l in os.popen (str, 'r'):
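
The unescaped-interpolation pattern described in the report, next to two hardened forms. This is an added example, not code from python-foomatic: the `smbclient` command template, the function names and the `WORKGROUP` value are assumptions made for illustration, since the report does not show the string passed to `os.popen`.

```python
import shlex
import subprocess

# Hypothetical stand-in for the string get_printer_list hands to os.popen;
# the real command line is not shown in the report.
UNQUOTED = "smbclient -N -L '%s' -W '%s'"

# Constructed sample values; the host name is the one from the report.
REPORT_NAME = "oh'notquotezSIF"
WORKGROUP = "WORKGROUP"


def unsafe_command(host, workgroup):
    """Reported pattern: values interpolated into a shell string unescaped."""
    return UNQUOTED % (host, workgroup)


def quoted_command(host, workgroup):
    """Shell string with each value escaped (pipes.quote on Python 2)."""
    return "smbclient -N -L %s -W %s" % (shlex.quote(host), shlex.quote(workgroup))


def safe_argv(host, workgroup):
    """Preferred fix: no shell, each value is exactly one argv element."""
    return ["smbclient", "-N", "-L", host, "-W", workgroup]


def shell_tokens(command):
    """Approximate POSIX shell word splitting; None if quoting is unbalanced."""
    try:
        return shlex.split(command)
    except ValueError:
        return None


def get_printer_lines(host, workgroup):
    """Replacement for the os.popen(str, 'r') loop: the shell is never invoked."""
    proc = subprocess.Popen(safe_argv(host, workgroup),
                            stdout=subprocess.PIPE, universal_newlines=True)
    out, _ = proc.communicate()
    return out.splitlines()


if __name__ == "__main__":
    print(shell_tokens(unsafe_command(REPORT_NAME, WORKGROUP)))   # None
    print(shell_tokens(quoted_command(REPORT_NAME, WORKGROUP)))
```

With the report's test name, the unescaped string no longer parses as the intended command, while the quoted string and the argv list both deliver the name to `smbclient` as a single argument.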