command injection in update-perl-sax-parsers

Bug #782479 reported by Emanuel Bronshtein on 2011-05-14
Affects: libxml-sax-perl (Ubuntu)
Importance: Low
Assigned to: Unassigned

Bug Description

Binary package hint: libxml-sax-perl

/usr/bin/update-perl-sax-parsers has a command injection bug.

test case:
emanuel@emanuel-desktop:/tmp$ /usr/bin/update-perl-sax-parsers --update --file " 2>/dev/null ;echo Systeminj;exit;" --ucf 1
update-perl-sax-parsers: Updating overall Perl SAX parser modules info file...
Systeminj

The bug can be found at:

    if ($ucf) {
        system("ucf --debconf-ok --sum-file /var/lib/libxml-sax-perl/ParserDetails.ini.md5sum $tmpfile $file");
        unlink $tmpfile or die("unlink $tmpfile: $!");
    }

Changed in libxml-sax-perl (Ubuntu):
importance: Undecided → Low
Emanuel Bronshtein (e3amn2l) wrote:

fix:
system("ucf" , "--debconf-ok" , "--sum-file" , "/var/lib/libxml-sax-perl/ParserDetails.ini.md5sum" , $tmpfile , $file);
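An added example, not code from the bug report or from libxml-sax-perl, that puts the vulnerable single-string form of Perl's system() next to the list form proposed in the fix and feeds both the report's payload. Two assumptions: `ls -ld` stands in for the ucf command line so the script runs offline (the real invocation is the one quoted in the report), and the `--` in the fixed call is an extra option terminator that the page's fix does not include.

```perl
#!/usr/bin/env perl
# Added example, not part of libxml-sax-perl or of the bug report.
# Shows why system("... $file") is injectable and system(LIST) is not,
# using the exact payload from the report. `ls -ld` stands in for ucf.
use strict;
use warnings;

# Constructed input: the --file argument exactly as update-perl-sax-parsers
# received it in the test case. The caller's shell has already stripped the
# surrounding double quotes, so the value starts with a space.
my $payload = ' 2>/dev/null ;echo Systeminj;exit;';

# Vulnerable form, mirroring system("ucf ... $tmpfile $file"):
# a single string is handed to /bin/sh -c, so every metacharacter in
# $file is parsed as shell syntax. The command line becomes
#   ls -ld  2>/dev/null ;echo Systeminj;exit;
sub run_vulnerable {
    my ($file) = @_;
    my $rc = system("ls -ld $file");
    return $rc >> 8;    # exit status of the last thing the shell ran (echo)
}

# Fixed form, mirroring system('ucf', '--debconf-ok', ..., $tmpfile, $file):
# with more than one element Perl execs the program directly and $file
# arrives as one argv element; no shell ever sees it. The '--' is an
# extra guard (assumed here, not in the page's fix) so that a $file
# beginning with '-' cannot be read as an option by the target program.
sub run_fixed {
    my ($file) = @_;
    my $rc = system('ls', '-ld', '--', $file);
    return $rc >> 8;    # exit status of ls itself
}

print "== vulnerable: string form ==\n";
my $v = run_vulnerable($payload);
print "exit status $v; 'Systeminj' above came from the injected echo\n\n";

print "== fixed: list form ==\n";
my $f = run_fixed($payload);
print "exit status $f; ls reported the whole payload as one missing file name\n";
```

Two points a practitioner should check when applying this pattern. First, the protection only holds when the list has more than one element: Perl treats `system($single_string)` the same as the string form and hands it to /bin/sh if it contains metacharacters, so a fix that builds the command into one scalar and then calls `system($cmd)` has changed nothing. Second, the list form stops shell injection but not argument injection; a file name such as `--help` still reaches the program as a string starting with `-`, so terminate the option list with `--` where the target program honours it.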

Florian Schlichting (fschlich) wrote:

(in Debian, libxml-sax-perl (0.99+dfsg-2))

Changed in libxml-sax-perl (Ubuntu):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote:

This bug was fixed in the package libxml-sax-perl - 0.99+dfsg-2

---------------
libxml-sax-perl (0.99+dfsg-2) unstable; urgency=low

  * Fix a command injection bug in update-perl-sax-parsers (LP: #782479).
  * Bump Standards-Version to 3.9.3 (use copyright-format 1.0).
  * Bump years of Debian copyright.

 -- Florian Schlichting <email address hidden> Fri, 01 Jun 2012 19:08:31 +0200

Changed in libxml-sax-perl (Ubuntu):
status: Fix Committed → Fix Released