[Bug 396807] [NEW] Security issue allows code execution, CVE-2009-1440
Andreas Moog
andreas-launchpad at warperbbs.de
Tue Jul 7 23:49:26 UTC 2009
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: amule
The presumably fixed CVE-2009-1440 is not fixed after all. Quoting the
debian report:
"Unfortunately it doesn't work properly. It looks like upstream didn't
even bother to test the fix.
Quick (and harmless) way to simulate an attack and reproduce the bug:
- run amule from the command line
- set video player to "vlc" in the preferences
- start downloading a file (use the search tool to find a small
txt file)
- pause download using right click -> Pause
- rename file to '-vvvv.avi (with a leading tick) using right
click -> Show File Details
- resume download, wait for completion
- double click on the file
- you should see VLC's very verbose debug messages in amule's console,
indicating that it has been called with -vvvv.avi as an extra
argument, increasing its verbosity
The following fix works, though (tested with 2.2.5):
rawFileName.Replace(QUOTE, wxT("\\") QUOTE);
"
(End of quote)
I uploaded a package with the fix to karmic and will try to provide
fixes for jaunty, intrepid and hardy.
** Affects: amule (Ubuntu)
Importance: High
Status: Triaged
** Affects: amule (Debian)
Importance: Unknown
Status: Unknown
** Bug watch added: Debian Bug tracker #525078
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525078
** Also affects: amule (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525078
Importance: Unknown
Status: Unknown
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-1440
** Visibility changed to: Public
** Changed in: amule (Ubuntu)
Importance: Undecided => High
** Changed in: amule (Ubuntu)
Status: New => Triaged
--
Security issue allows code execution, CVE-2009-1440
https://bugs.launchpad.net/bugs/396807
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list