insecure use of os.system()
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
pysvn | Fix Released | Low | |
svn-workbench (Debian) | Fix Released | Unknown | |
svn-workbench (Ubuntu) | Triaged | Medium | Unassigned |
Bug Description
SYNOPSIS:
If a user was tricked into using the "Command Shell" menu item
while in a directory with a specially-crafted name,
permissions of the user.
STEPS TO REPRODUCE:
1. Add "https:/
project in svn-workbench
2. Checkout the project
3. Navigate to "trunk/$(xeyes)"
4. Click "Actions", then "Command Shell"
The `xeyes` program (if installed on your system) should start.
Source/

```python
def ShellOpen( app, project_info, filename ):
    cur_dir = os.getcwd()
    try:
```

The code should instead start a subprocess in a secure way, such as using subprocess.call().
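The contrast the report is asking for, written out as an added example (this is not svn-workbench's or pysvn's code, and the function names, the `$(echo injected)` directory name and the use of `subprocess.run` in place of `subprocess.call` are this example's own choices): the insecure pattern builds a shell command string from the current directory, while the hardened form passes an argument list with `shell=False` and lets `cwd=` change directory, so the path is never parsed by `/bin/sh`. The unsafe string is only constructed and inspected, never executed.

```python
import os
import subprocess
import sys
import tempfile

# Characters a POSIX shell would interpret if a path were interpolated
# into a command string (assumed list for the check below).
SHELL_METACHARS = set("$`;&|<>()\"'\\ \n\t*?[]{}~#!")


def unsafe_shell_open_command(directory, terminal="xterm"):
    """The pattern the report objects to: a directory name spliced into a
    string destined for os.system(). Returned for inspection, never run."""
    return "cd %s && %s" % (directory, terminal)


def directory_is_risky_for_shell(directory):
    """Detection check: would a shell treat any part of this path as syntax?"""
    return any(ch in SHELL_METACHARS for ch in directory)


def safe_shell_open(directory, argv):
    """Hardened form: argv list, shell=False, and cwd= so the interpreter's
    chdir() handles the path. Returns the child's stdout for verification."""
    result = subprocess.run(list(argv), cwd=directory, shell=False,
                            capture_output=True, text=True, check=True)
    return result.stdout.strip()


def demo():
    """Constructed sample mirroring the report's trunk/$(xeyes) step: create a
    directory whose name carries a command substitution, then start a child
    in it the safe way and confirm the substitution was never evaluated."""
    with tempfile.TemporaryDirectory() as base:
        crafted = os.path.join(base, "$(echo injected)")
        os.mkdir(crafted)

        # What os.system() would have received: the $(...) is still intact,
        # and a shell reading this string would expand it.
        unsafe = unsafe_shell_open_command(crafted)

        # A real terminal would be launched with the same argv/cwd pattern;
        # here the child just reports its working directory.
        child_cwd = safe_shell_open(
            crafted, [sys.executable, "-c", "import os; print(os.getcwd())"])

        return {
            "risky": directory_is_risky_for_shell(crafted),
            "unsafe_contains_substitution": "$(echo injected)" in unsafe,
            "child_ran_in_crafted_dir":
                os.path.realpath(child_cwd) == os.path.realpath(crafted),
        }


if __name__ == "__main__":
    print(demo())
```

`cwd=` is the important part: quoting the path with `shlex.quote` and still going through `os.system` would work, but it keeps a shell in the loop and has to be remembered at every call site, whereas an argument list with `shell=False` has nothing for the shell to interpret in the first place.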
CVE References
information type: Private Security → Public Security

Changed in svn-workbench (Ubuntu):
- status: New → Triaged
- importance: Undecided → Medium

Changed in pysvn:
- importance: Unknown → Low
- status: Unknown → In Progress

Changed in svn-workbench (Debian):
- status: Unknown → Confirmed

Changed in pysvn:
- status: In Progress → Fix Released

Changed in svn-workbench (Debian):
- status: Confirmed → Fix Released