Where exactly is the vulnerability here? I am unable to see it myself; it appears that you are using an eval function to evaluate code, which isn't exactly a security issue.
2012/8/17 research <resea...@reactionis.co.uk>
> Summary
> =======
>
> There is an arbitrary command execution vulnerability in the scriptfu network server
> console in the GIMP 2.6 branch. It is possible to use a python scriptfu command to run
> arbitrary operating-system commands and potentially take full control of the host.
>
> The advisory is posted here:
>
> http://www.reactionpenetrationtesting.co.uk/GIMP-scriptfu-python-command-execution.html
>
> CVE number: CVE-2012-4245
> Vendor homepage: http://www.gimp.org/
> Vendor notified: 9/8/2012
>
>
> Affected Products
> =================
>
> GIMP 2.6 branch (Windows or Linux builds)
>
> Non-Affected Products
> =====================
>
> The Scriptfu network server component does not currently work in the GIMP 2.8 branch
> (Windows or Linux builds).
>
> Details
> =======
>
> There is an arbitrary command execution vulnerability in the scriptfu network server
> console in the GIMP 2.6 branch. It is possible to use a python scriptfu command to run
> arbitrary operating-system commands and potentially take full control of the host.
> The following command will write "foo" to "/tmp/owned":
>
> (python-fu-eval 0 "file = open('/tmp/owned','w')\nfile.write('foo')")
>
>
> Impact
> ======
>
> Successful exploitation of the vulnerability may result in remote command execution.
>
> Solution
> ===========
> No solution has been implemented at this stage apart from the workaround below.
>
> Workaround
> ===========
>
> Do not enable the scriptfu network server.
> The GIMP development team have stated that this component was not designed with security
> in mind and therefore should not be used in production environments.
>
> Distribution
> ============
>
> In addition to posting on the website, a text version of this notice
> is posted to the following e-mail and Usenet news recipients.
>
> * bugtraq () securityfocus com
> * full-disclosure () lists grok org uk
>
> Future updates of this advisory, if any, will be placed on the ReactionIS
> corporate website, but may or may not be actively announced on
> mailing lists or newsgroups. Users concerned about this problem are
> encouraged to check the URL below for any updates:
>
> http://www.reactionpenetrationtesting.co.uk/GIMP-scriptfu-python-command-execution.html
>
> ================================================================================
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
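The advisory quotes one `python-fu-eval` request but says nothing about how a defender would notice such requests on the wire. The following is an added example, not part of the thread and not code from ReactionIS or the GIMP project: it parses a captured client-to-server byte stream using the Script-Fu server's request framing (assumed here from the GIMP Script-Fu server documentation: the byte `G`, a 2-byte big-endian length, then the script text; verify against your GIMP version) and flags every request that invokes `python-fu-eval`. The sample capture is constructed inline; the only procedure name it looks for is the one named in the advisory.

```python
"""Parse Script-Fu server request framing from a captured byte stream and
flag requests that hand a string to an interpreter (python-fu-eval).

Framing is an assumption taken from the GIMP Script-Fu server docs:
request = b'G' + 2-byte big-endian length + script text.
"""
import struct

MAGIC = b"G"
# Procedures whose string argument is evaluated as code. Only the one named
# in the advisory is listed; extend this tuple for your own deployment.
EVAL_PROCEDURES = (b"python-fu-eval",)


def frame_request(script: bytes) -> bytes:
    """Encode one request the way a Script-Fu client would (assumed framing)."""
    if len(script) > 0xFFFF:
        raise ValueError("script too long for the 16-bit length field")
    return MAGIC + struct.pack(">H", len(script)) + script


def parse_requests(stream: bytes) -> list:
    """Split a captured client-to-server stream into the script payloads.

    Raises ValueError on a bad magic byte or a truncated frame so that a
    mangled capture is never silently reported as clean.
    """
    scripts = []
    pos = 0
    while pos < len(stream):
        if stream[pos:pos + 1] != MAGIC:
            raise ValueError("bad magic byte at offset %d" % pos)
        if pos + 3 > len(stream):
            raise ValueError("truncated header at offset %d" % pos)
        (length,) = struct.unpack(">H", stream[pos + 1:pos + 3])
        body = stream[pos + 3:pos + 3 + length]
        if len(body) != length:
            raise ValueError("truncated body at offset %d" % pos)
        scripts.append(body)
        pos += 3 + length
    return scripts


def flag_eval_requests(scripts) -> list:
    """Return only the scripts that call an eval-style procedure."""
    return [s for s in scripts if any(p in s for p in EVAL_PROCEDURES)]


def analyse(stream: bytes) -> dict:
    """Parse a stream and summarise it: total requests and the flagged ones."""
    scripts = parse_requests(stream)
    return {"requests": len(scripts), "flagged": flag_eval_requests(scripts)}


# Constructed sample capture: a benign PDB query followed by the exact
# command quoted in the advisory.
SAMPLE_SCRIPTS = [
    b"(gimp-image-list)",
    b"(python-fu-eval 0 \"file = open('/tmp/owned','w')\\nfile.write('foo')\")",
]
SAMPLE_STREAM = b"".join(frame_request(s) for s in SAMPLE_SCRIPTS)


if __name__ == "__main__":
    report = analyse(SAMPLE_STREAM)
    print("requests parsed:", report["requests"])
    for script in report["flagged"]:
        print("eval request:", script.decode("ascii", "replace"))
```

Feeding this the reassembled TCP payload from a capture of the Script-Fu server port gives a quick answer to "was an eval procedure ever sent to this host". The parser refuses truncated or mis-framed input rather than skipping it, because a detection that fails open on a damaged capture is worse than one that reports the damage.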