[Bug 396807] [NEW] Security issue allows code execution, CVE-2009-1440

Andreas Moog andreas-launchpad at warperbbs.de
Tue Jul 7 23:49:26 UTC 2009 

*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: amule

The presumably fixed CVE-2009-1440 is not fixed after all. Quoting the
debian report:

"Unfortunately it doesn't work properly. It looks like upstream didn't
even bother to test the fix.

   Quick (and harmless) way to simulate an attack and reproduce the bug:

    - run amule from the command line
    - set video player to "vlc" in the preferences
    - start downloading a file (use the search tool to find a small
      txt file)
    - pause download using right click -> Pause
    - rename file to '-vvvv.avi (with a leading tick) using right
      click -> Show File Details
    - resume download, wait for completion
    - double click on the file
    - you should see VLC's very verbose debug messages in amule's console,
      indicating that it has been called with -vvvv.avi as an extra
      argument, increasing its verbosity

   The following fix works, though (tested with 2.2.5):

     rawFileName.Replace(QUOTE, wxT("\\") QUOTE);
"
(End of quote)

I uploaded a package with the fix to karmic and will try to provide
fixes for jaunty, intrepid and hardy.

** Affects: amule (Ubuntu)
     Importance: High
         Status: Triaged

** Affects: amule (Debian)
     Importance: Unknown
         Status: Unknown

** Bug watch added: Debian Bug tracker #525078
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525078

** Also affects: amule (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525078
   Importance: Unknown
       Status: Unknown

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-1440

** Visibility changed to: Public

** Changed in: amule (Ubuntu)
   Importance: Undecided => High

** Changed in: amule (Ubuntu)
       Status: New => Triaged

-- 
Security issue allows code execution, CVE-2009-1440
https://bugs.launchpad.net/bugs/396807
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

More information about the universe-bugs mailing list