2015-11-08 12:56:06 |
Bernd Dietzel |
bug |
|
|
added bug |
2015-11-08 12:56:06 |
Bernd Dietzel |
attachment added |
|
Exploit demo setup.py script with a Shell command in "name" https://bugs.launchpad.net/bugs/1514183/+attachment/4515059/+files/setup.py |
|
2015-11-08 12:56:39 |
Bernd Dietzel |
summary |
distutils : filebdist_rpm.py allows Shell injection in "name" |
distutils : file "bdist_rpm.py" allows Shell injection in "name" |
|
2015-11-08 12:58:00 |
Bernd Dietzel |
information type |
Public |
Public Security |
|
2015-11-08 12:58:29 |
Bernd Dietzel |
description |
File :
/usr/lib/python2.7/distutils/command/bdist_rpm.py
Line 358 :
This line in the code uses the deprecated os.popen command, should be replaced with supbprocess.Popen() :
out = os.popen(q_cmd)
Exploit demo :
============
1) Download the setup.py script which I attached
2) Create a test folder and put the setup.py script in this folder
3) cd to the test folder
4) python setup.py bdist_rpm
5) An xmessage window pops up as a proof of concept
ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: libpython2.7-stdlib 2.7.10-4ubuntu1
ProcVersionSignature: Ubuntu 4.2.0-17.21-generic 4.2.3
Uname: Linux 4.2.0-17-generic x86_64
NonfreeKernelModules: wl
ApportVersion: 2.19.1-0ubuntu4
Architecture: amd64
CurrentDesktop: Unity
Date: Sun Nov 8 13:47:34 2015
InstallationDate: Installed on 2015-10-22 (16 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021)
SourcePackage: python2.7
UpgradeStatus: No upgrade log present (probably fresh install) |
File :
/usr/lib/python2.7/distutils/command/bdist_rpm.py
Line 358 :
This line in the code uses the deprecated os.popen command, should be replaced with subprocess.Popen() :
out = os.popen(q_cmd)
Exploit demo :
============
1) Download the setup.py script which I attached
2) Create a test folder and put the setup.py script in this folder
3) cd to the test folder
4) python setup.py bdist_rpm
5) An xmessage window pops up as a proof of concept
ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: libpython2.7-stdlib 2.7.10-4ubuntu1
ProcVersionSignature: Ubuntu 4.2.0-17.21-generic 4.2.3
Uname: Linux 4.2.0-17-generic x86_64
NonfreeKernelModules: wl
ApportVersion: 2.19.1-0ubuntu4
Architecture: amd64
CurrentDesktop: Unity
Date: Sun Nov 8 13:47:34 2015
InstallationDate: Installed on 2015-10-22 (16 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021)
SourcePackage: python2.7
UpgradeStatus: No upgrade log present (probably fresh install) |
|
2015-11-12 21:00:18 |
Tyler Hicks |
python2.7 (Ubuntu): status |
New |
Incomplete |
|
2015-11-12 21:00:24 |
Tyler Hicks |
bug |
|
|
added subscriber Tyler Hicks |
2015-11-14 21:15:43 |
Bernd Dietzel |
bug watch added |
|
http://bugs.python.org/issue25627 |
|
2016-03-31 20:20:50 |
Brian Murray |
bug task added |
|
python |
|
2016-04-01 06:38:06 |
Bug Watch Updater |
python: status |
Unknown |
New |
|
2021-02-03 21:20:50 |
Bug Watch Updater |
python: status |
New |
Invalid |
|