[Pkg-xfce-devel] Bug#437454: CVE-2007-3770: execute arbitrary commands via crafted links using "Open Link" functionality
Darren Salt
linux at youmustbejoking.demon.co.uk
Sun Aug 12 15:58:37 UTC 2007
Package: xfce4-terminal
Version: 0.2.5.6rc1-2
Severity: grave
Tags: security, patch
CVE-2007-3770 says:
The terminal_helper_execute function in terminal/terminal.c in Xfce
Terminal 0.2.6 allows user-assisted remote attackers to execute arbitrary
commands via shell metacharacters in a crafted link, as demonstrated using
the "Open Link" functionality.
Upstream link: http://bugzilla.xfce.org/show_bug.cgi?id=3383
The attached patch fixes this: the code changes add shell quoting, using
g_shell_quote(), and the *.desktop.in files are modified to avoid
over-quoting (without this, we'd get "'foo'" instead of 'foo').
--
| Darren Salt | linux or ds at | nr. Ashington, | Toon
| RISC OS, Linux | youmustbejoking,demon,co,uk | Northumberland | Army
| + Use more efficient products. Use less. BE MORE ENERGY EFFICIENT.
Confucius say: He who post large binary, get flamed.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 01_CVE-2007-3770.patch
Type: application/octet-stream
Size: 6713 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-xfce-devel/attachments/20070812/5375bde0/attachment.obj
More information about the Pkg-xfce-devel
mailing list