** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pygobject-2 in Ubuntu.
https://bugs.launchpad.net/bugs/1513964

Title:
  dsextras.py :  Shell Command Injection with a pkg name

Status in pygobject-2 package in Ubuntu:
  New

Bug description:
  Exploit screenshot attached.

  The "dsextras.py" script is vulnerable in multiple functions to code
  injection through the "name" of a pkg.

  The script uses old and deprecated Python functions which are a
  security risk:

  commands.getstatusoutput()
  os.system()
  os.popen()

  Please use the subprocess module instead!

  
  Exploit example which runs an xmessage command
  ======================================

  theregrunner@1510:~$ cd /usr/lib/python2.7/dist-packages/gtk-2.0/
  theregrunner@1510:/usr/lib/python2.7/dist-packages/gtk-2.0$ python
  Python 2.7.10 (default, Oct 14 2015, 16:09:02) 
  [GCC 5.2.1 20151010] on linux2
  Type "help", "copyright", "credits" or "license" for more information.
  >>> import dsextras
  >>> dsextras.pkgc_get_version('fontutil;xmessage "hello bug"')
  '1.3.1'
   
  =======================================

  This bug also affects the ".so" files in the gtk-2.0 folder:
  atk.so
  gtkunixprint.so
  pangocairo.so
  pango.so

  ProblemType: Bug
  DistroRelease: Ubuntu 15.10
  Package: python-gobject-2 2.28.6-12build1
  ProcVersionSignature: Ubuntu 4.2.0-16.19-generic 4.2.3
  Uname: Linux 4.2.0-16-generic x86_64
  NonfreeKernelModules: wl
  ApportVersion: 2.19.1-0ubuntu4
  Architecture: amd64
  Date: Fri Nov  6 21:36:38 2015
  InstallationDate: Installed on 2015-10-22 (15 days ago)
  InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=de_DE.UTF-8
   SHELL=/bin/bash
  SourcePackage: pygobject-2
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pygobject-2/+bug/1513964/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp
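
As an added example (not code from pygobject-2, and not part of the report above), the following Python 3 snippet places the dsextras.py pattern the report describes beside a subprocess-based replacement. `subprocess.getoutput()` is the Python 3 counterpart of the `commands.getoutput()` used by the original script, so the vulnerable function reproduces the same string-interpolation-into-a-shell behaviour. The function names, the allowlist regex for module names, and the use of `echo` in place of `xmessage` (so the demonstration runs headless) are this example's own assumptions.

```python
"""Shell-injection pattern from dsextras.py beside a subprocess-based fix.

Added example, not code from pygobject-2.  Runs on Python 3; the only
external tool it may touch is pkg-config, and it copes with its absence.
"""
import re
import shutil
import subprocess

# Assumed allowlist for pkg-config module names: letters, digits and a few
# punctuation characters.  ';', '"', '$', whitespace etc. are rejected before
# any process is started.
_PKG_NAME_RE = re.compile(r"^[A-Za-z0-9_.+-]+$")


def pkgc_get_version_vulnerable(name):
    """Mirror of the reported pattern (hypothetical name).

    The package name is pasted into a command string that /bin/sh parses, so a
    ';', '&&' or '$(...)' inside `name` runs as an additional command.
    subprocess.getoutput() behaves like Python 2's commands.getoutput().
    """
    return subprocess.getoutput("pkg-config --modversion %s" % name)


def have_pkgconfig():
    """True if a pkg-config binary is on PATH (resolved without a shell)."""
    return shutil.which("pkg-config") is not None


def pkgc_get_version_hardened(name):
    """Hardened replacement (hypothetical name).

    1. Validate `name` against an allowlist so junk never reaches pkg-config.
    2. Run pkg-config with an argv list and shell=False: no shell parses the
       string, so metacharacters in `name` could only ever be one literal
       argument to pkg-config.
    Returns the version string, or None if pkg-config is absent or the module
    is unknown.
    """
    if not _PKG_NAME_RE.match(name):
        raise ValueError("invalid pkg-config module name: %r" % name)
    if not have_pkgconfig():
        return None
    proc = subprocess.run(
        ["pkg-config", "--modversion", name],
        capture_output=True, text=True, check=False,
    )
    if proc.returncode != 0:
        return None
    return proc.stdout.strip()


def injection_succeeded(func, marker="INJECTED"):
    """Feed `func` a payload shaped like the report's 'fontutil;xmessage ...'
    (echo stands in for xmessage) and say whether the injected command ran.

    A ValueError from the hardened function counts as 'blocked'.  Works whether
    or not pkg-config is installed: the shell runs `echo` either way for the
    vulnerable variant.
    """
    payload = "fontutil; echo %s" % marker
    try:
        out = func(payload)
    except ValueError:
        return False
    return marker in (out or "")


if __name__ == "__main__":
    print("vulnerable:", injection_succeeded(pkgc_get_version_vulnerable))
    print("hardened:  ", injection_succeeded(pkgc_get_version_hardened))
```

The argv-list form alone already closes the shell-injection hole; the allowlist is a second layer so that a malformed name fails loudly in Python rather than producing a confusing pkg-config error, and so that pkg-config options such as a leading `--` can never be smuggled in as a "module name".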
